At 2:40 PM -0800 2/8/12, Bill Frantz wrote:
On 2/7/12 at 11:55, k...@bbn.com (Stephen Kent) wrote:
Keys are not really great identifiers; they change,
Keys don't change. People or programs may wish to change the keys
they are using, but keys themselves are constant.
Touche! You're right, but since people do change keys, and using an
old key to represent a user would be confusing at best, I thought
that I could get away with the shortcut statement.
they are not human meaningful (and thus there has to be another
layer of mapping between key and human-readable IDs, which creates
more vulnerabilities), etc.
It the key represents an authorization, it may not need to be human
meaningful.
Authorization is managed by people; keys are not meaningful to people.
So, to use keys to represent authorization, one has to add a layer of
mapping, which creates more opportunities for errors. Hence, not a
great idea.
We get a lot of comments wanting to achieve some level of assurance
about identification. For most uses, we are more interested in
authorization than in identification. (If we need identification for
auditing purposes, it can be included in the the authorization. For
example:
Authorization to deposit to account 123456 as Joe User.
I agree that authorization is the primary motivation for identification,
but, since people manage authorization, we generally want to bind
keys to IDs. When IDs are not central to authorization, certs with
random names can be used, e.g., see RFCs 6480 & 6487.
Steve
_______________________________________________
therightkey mailing list
therightkey@ietf.org
https://www.ietf.org/mailman/listinfo/therightkey
