Policy-Discussion

[Iang <iang AT iang.org>]

Bernhard Froehlich wrote:

> > I would like ideas regarding CAcert policy for names, so we can actually
> > serve people without creating more problems than we already have, and
> > eventually solving some.
> >   
> The only idea that occured to me: The name(s) have to be the same on the 
> ID document.
> Of course this creates new problems, like names in unusual character 
> sets or lots of names on the document, different capitalisation and 
> several more.


Right, so if you have two authoritive documents that have 
two different names on them, which do you pick?

Is it possible to have one true name?  Or two true names?  Or?

Americans like to tell the story about how, in the last 
century, they arrived at Ellis Island (near the Statue of 
Liberty) and the immigration officer would rewrite their 
name according to how the latter could write it.  At this 
point the new immigrant would then potentially have two 
names ... both valid depending on what continent they were on.


> I guess we'll have to leave the final decision to the assurer, who may 
> accept "locally well known" variants on names.
> For example one thing I always considered ok was the german "eszet" (ß) 
> character which is represented in ID cards as SZ, since ID cards only 
> use capital chars. But of course the name might have been czech or 
> hungarian where "sz" is a not so uncommon combination...


It's also a systems issue.  Does the system support more 
than one name?  What happens if all assurers don't like the 
one name in the system?

Also, see Sebastian's grumbles about x.509.

These details are important to CAcert because the assurance 
process makes a statement.  What is that?

(Recall what Peter W said a while back .. "never forget that 
Verisign does the equivalent of a D&B lookup" or words to 
that effect.  That is, they don't check your name, they 
check your credit.  By way of contrast :)

iang