On 2/7/12 at 11:55, k...@bbn.com (Stephen Kent) wrote:
> Keys are not really great identifiers; they change,

Keys don't change. People or programs may wish to change the
keys they are using, but keys themselves are constant.

> they are not human meaningful (and thus there has to be another
> layer of mapping between key and human-readable IDs, which
> creates more vulnerabilities), etc.

If the key represents an authorization, it may not need to be
human meaningful.

We get a lot of comments wanting to achieve some level of
assurance about identification. For most uses, we are more
interested in authorization than in identification. (If we need
identification for auditing purposes, it can be included in
the authorization. For example:

    Authorization to deposit to account 123456 as Joe User.)

There are any number of approaches to providing secure
authorizations, some of which can be bookmarked in standard browsers.
Cheers - Bill
-------------------------------------------------------------------------
Bill Frantz        | Airline peanut bag: "Produced  | Periwinkle
(408)356-8506      | in a facility that processes   | 16345 Englewood Ave
www.pwpconsult.com | peanuts and other nuts." - Duh | Los Gatos, CA 95032
_______________________________________________
therightkey mailing list
therightkey@ietf.org
https://www.ietf.org/mailman/listinfo/therightkey