
RE: Evaluation: draft-ietf-pkix-pi - Internet X.509 Public Key Infrastructure Permanent Identifier to Proposed Standard
>                     Yes    No-Objection  Discuss *  Abstain  
> Jon Peterson        [   ]     [   ]       [ x ]      [   ] 
>

As far as I can tell, this document allows organizations with some
relationship to CAs (government or corporate are the suggested options) to
create linkability between different certificates associated with an entity
- while this is justified by the fact attributes of an entity may change
over time (necessitating changes in subjects of certificates et al), it is
also clearly meant to be applicable to multiple certificates simultaneously
held by the same entity. 

In the absence of any model governing the inclusion of permanent identifiers
in certificates or the use of this information by relying parties, this does
not sound likely to be a privacy-enhancing technology; however, I note that
the string "privacy" (let alone any privacy considerations) does not seem to
appear in the document. At least the document should include some caveat
that this identifier could be inflicted on purchasers of certificates without
their consent in order to bind their certs to a government SSN or
DoubleClick-style consumer profile that will be used by relying parties to
track them for potentially undesirable purposes.