Re: Evaluation: draft-ietf-pkix-pi - Internet X.509 Public Key Infrastructure Permanent Identifier to Proposed Standard



In message <200304101701.NAA26528@ietf.org>, IESG Secretary writes:
>
>Last Call to expire on: 2002-12-9
>
>	Please return the full line with your position.
>
>                    Yes    No-Objection  Discuss *  Abstain  
>
>
>Steve Bellovin      [   ]     [   ]       [ X ]      [   ] 

Permanent universally-unique names strike me as a singularly bad
idea in general, and even worse as specified here.  A name can only
be guaranteed to be unique (even in theory) within the scope of a
single CA; there's no way to make any assumptions if different CAs
are involved.  Sure, they're supposed to be URIs, but that's not
enforceable except by referring to the parent certificate, and if
you're going to do that why bother with a URI at all?  The notion
of using permanent identifiers in ACLs is even worse.

Beyond that, the comparison rules for UTF8 strings look wrong --
I'm glad there's a matching rule specified, but from the little I
understand about such things there will be a lot of complaints
about the lack of more CJK-friendly matching rules.
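
The two concerns in the message above, sketched as an added example (not part of the original message or of the draft). The certificate fields, CA names, identifier values, and both matching functions are constructed assumptions; the exact-match rule shown is an illustration, not a quotation of the draft's matching rule.

```python
import unicodedata
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    issuer: str        # issuing CA's name (constructed)
    permanent_id: str  # identifier value carried in the certificate
    subject: str


# Constructed sample data: two unrelated CAs assign the same identifier value.
CERT_CA1 = Cert("CN=Example CA One", "emp-1001", "CN=Alice")
CERT_CA2 = Cert("CN=Example CA Two", "emp-1001", "CN=Someone Else")


def allowed_global(cert, acl_ids):
    """ACL keyed on the identifier alone, as if it were universally unique."""
    return cert.permanent_id in acl_ids


def allowed_scoped(cert, acl_pairs):
    """ACL keyed on (issuer, identifier): uniqueness holds only within one CA."""
    return (cert.issuer, cert.permanent_id) in acl_pairs


def match_exact(a, b):
    """Code-point-for-code-point comparison (assumed rule, for illustration)."""
    return a == b


def match_nfkc(a, b):
    """Comparison after NFKC normalization, one possible width-insensitive rule."""
    return unicodedata.normalize("NFKC", a) == unicodedata.normalize("NFKC", b)


# Half-width and full-width katakana spellings of the same word (constructed).
HALF_WIDTH = "\uff83\uff7d\uff84"
FULL_WIDTH = "\u30c6\u30b9\u30c8"

if __name__ == "__main__":
    print("global ACL admits CA Two cert:", allowed_global(CERT_CA2, {"emp-1001"}))
    print("scoped ACL admits CA Two cert:",
          allowed_scoped(CERT_CA2, {("CN=Example CA One", "emp-1001")}))
    print("exact match:", match_exact(HALF_WIDTH, FULL_WIDTH))
    print("NFKC match:", match_nfkc(HALF_WIDTH, FULL_WIDTH))
```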