[caops-wg] Name Constraints - attempt at framing issues

David Chadwick d.w.chadwick at kent.ac.uk
Sun Oct 16 07:09:16 CDT 2005

Cowles, Robert D. wrote:
>>the issue is about global naming. You used a globally unique email 
>>address in the certificate when you posed the question, so I 
>>said yes. 
>>If on the other hand you had just put Brett in the cert then 
>>of course I 
>>would not expect this to always name the same person.
> But how can you believe that brett at isp.com is globally unique
> over time when companies like Verisign will resell "isp.com" 
> almost immediately when it becomes available?

That's a very good point. Clearly it's globally unique, but the fact that 
a unique name might belong to two different people at different points 
in time is an issue that directories have struggled with as well. The 
concept of "zombies" was introduced by directories to deal with this, a 
zombie being a dead name that no longer existed, but had existed in the 
past and therefore could not be reissued to anyone until a certain 
(application-configurable) time period had expired. But this would put 
extra load and responsibility on a CA, and as we all know, the 
commercial CAs write their CPSs so that they can remove as much 
liability as possible from themselves, even putting the liability back 
onto the RPs and EEs as much as they can. Ultimately it boils down to a 
CA's procedures and policies, and this dictates how trustworthy they are.



> BC


David W. Chadwick, BSc PhD
Professor of Information Systems Security
The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
Tel: +44 1227 82 3221
Fax +44 1227 762 811
Mobile: +44 77 96 44 7184
Email: D.W.Chadwick at kent.ac.uk
Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
Research Web site: http://sec.cs.kent.ac.uk
Entrust key validation string: MLJ9-DU5T-HV8J
PGP Key ID is 0xBC238DE5
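Added example (my own illustration, not code from Prof. Chadwick or the caops-wg): a toy Python registry that models the directory "zombie" rule from the message above, plus a relying-party check that the name in a certificate still binds to the same holder it did at issuance. The 180-day hold period, the holder names "Brett Smith" and "Brett Jones", and all dates are constructed for the walk-through.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional
@dataclass
class Binding:
    holder: str
    assigned: datetime
    released: Optional[datetime] = None

class NameRegistry:
    """Directory-style registry: a released name becomes a zombie and cannot be reassigned until the hold period expires."""
    def __init__(self, hold: timedelta):
        self.hold, self.history = hold, {}   # history: name -> [Binding], oldest first

    def assign(self, name, holder, when):
        hist = self.history.setdefault(name, [])
        if hist and hist[-1].released is None:
            raise ValueError(f"{name} is still held by {hist[-1].holder}")
        if hist and when < hist[-1].released + self.hold:
            raise ValueError(f"{name} is a zombie until {hist[-1].released + self.hold:%Y-%m-%d}")
        hist.append(Binding(holder, when))

    def release(self, name, when):
        self.history[name][-1].released = when   # the name is now a zombie

    def holder_at(self, name, when) -> Optional[str]:
        for b in self.history.get(name, []):
            if b.assigned <= when and (b.released is None or when < b.released):
                return b.holder
        return None

def cert_name_binds(reg, name, subject, issued, now) -> bool:
    """Relying-party check: the cert's name must have belonged to the subject at issuance and must still belong to them now."""
    return reg.holder_at(name, issued) == subject == reg.holder_at(name, now)

def zombie_scenario() -> dict:
    """Constructed walk-through of the 'brett at isp.com' case from the thread (hypothetical holders and dates)."""
    reg, name, out = NameRegistry(timedelta(days=180)), "brett@isp.com", {}
    reg.assign(name, "Brett Smith", datetime(2005, 1, 1))
    reg.release(name, datetime(2005, 6, 1))                    # first Brett leaves the ISP
    try:
        reg.assign(name, "Brett Jones", datetime(2005, 9, 1))  # inside the hold period: refused
        out["early_reissue"] = "allowed"
    except ValueError as e:
        out["early_reissue"] = str(e)
    reg.assign(name, "Brett Jones", datetime(2005, 12, 1))     # hold period expired: reissued
    issued = datetime(2005, 3, 1)                              # cert issued to the first Brett
    out["binds_at_issue"] = cert_name_binds(reg, name, "Brett Smith", issued, issued)
    out["binds_in_2006"] = cert_name_binds(reg, name, "Brett Smith", issued, datetime(2006, 1, 1))
    return out
```

The second check fails because the name has been reissued since the certificate was issued, which is exactly the "same name, different person" case the message describes; a CA that does not track this history cannot tell the two Bretts apart.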

