In message <200304101701.NAA26528@ietf.org>, IESG Secretary writes:
Last Call to expire on: 2002-12-9
Please return the full line with your position.
Yes No-Objection Discuss * Abstain
Steve Bellovin [ ] [ ] [ X ] [ ]
Permanent universally-unique names strike me as a singularly bad
idea in general, and even worse as specified here. A name can only
be guaranteed to be unique (even in theory) within the scope of a
single CA; there's no way to make any assumptions if different CAs
are involved. Sure, they're supposed to be URIs, but that's not
enforceable except by referring to the parent certificate, and if
you're going to do that why bother with a URI at all? The notion
of using permanent identifiers in ACLs is even worse.
Is it any more wrong than using, say, an e-mail address? (Which