Policy-Discussion

[Ian G <iang AT systemics.com>]

Sven Anderson wrote:
> Duane, 13.01.2007 00:26:
> > Sven Anderson wrote:
> >
> > > Good point, why does CAcert collect the birthdate? As it doesn't apprear
> > > in the certificates, it is just an hidden feature for investigators? If it
> > > is not neccessary for the issued certificates, I would not store it, or do
> > > I miss something?
> > The reason it is collected is simple. Names aren't unique, email
> > addresses aren't always unique and dates of birth aren't unique, but
> > combined the uniqueness is a lot higher, and possibly as high as you
> > will ever get on an individual without something far more invasive like
> > a DNS test.
>
> But for what do you need a higher uniqueness than that of the data in
> certificates?


This seems to raise a good point.

On one side, the birth date is often found in the ID docs so 
it creates a better match to the documents themselves.  That 
makes Assurance more "positive."  ... but it represents a 
practice of recording some number on the passport in order 
to make it more accurate;  whereas passport numbers and 
passport photocopies are deliberately not recorded. 
Certainly a passport or Id number would be far better if the 
goal were uniqueness.

On the other side, why do CAcert themselves need that 
uniquness?  Presumably they can distinguish the person 
accurately enough by means of other things like the forms, 
the assurance process, the account, the email address...

Some thoughts!

iang