Subject: A better approach to security
List archive
- From: Pete Stephenson <pete AT heypete.com>
- To: A better approach to security <cacert AT lists.cacert.org>
- Subject: Re: [CA cert] How and which name to assure
- Date: Thu, 27 Mar 2008 16:42:46 -0700
Johan Vromans wrote:
Bernhard Fröhlich <ted AT convey.de> writes:
Note rule 1: We do not assure anything which is not in an official
ID document. So if you want to use your nickname in a certificate
you first have to provide official ID docs containing them!
I don't know about other countries, but in the Netherlands there's a
big difference between official names (as they appear on IDs) and the
names people use. I don't think it is feasible to require people to
get assured by official name only. It will just not work.
Moreover, the use of official names will work against broad CAcert
acceptance, since a recipient of a signed document will simply not
recognize the sender as the person he knows.
Its the 'general standard' to require the name to be present on an
official ID. But we need to have a solution for this.
Agreed.
I think that reasonable[1] contractions or common nicknames should be permissible.
For example, my full name is "Peter Casey Stephenson", and it says so on my ID documents. I'm assured as "Pete Stephenson" by both Thawte and CAcert (even my Visa card has that as the name), as I use my nickname in all communications and interactions, and never use my middle name.
In American English, turning "William" to "Will", "Michael" to "Mike", "Richard" to "Dick", and so on is quite common.
I understand that CAcert, like Thawte, needs to have a high standard for assurances of ID, but I don't really see how using common nicknames and contractions in any way reduces the effectiveness of the assurance -- the individual still meets with assurers, presents photo ID, etc. I think a small degree of discretion on the part of the assurer should be allowed.
Just my $0.02 (for what it's worth these days...)
Cheers!
-Pete
P.S. If anyone is in the London, Paris, Bern, or Munich areas between the end of May and mid-June, I'll be traveling around to those cities doing touristy stuff, and it might be nice to meet some other CAcert folks. If you're not assured, I can do assurances for both Thawte, CAcert, and PGP's Webs of Trust.
[1] I live in the United States and speak English and a bit of Spanish. I have no idea what would be a "reasonable" nickname or contraction in, say, one of the numerous languages in use in Europe.
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-
Re: [CA cert] How and which name to assure
, (continued)
- Re: [CA cert] How and which name to assure, Pete Stephenson, 03/28/2008
- Re: [CA cert] How and which name to assure, Jeremy J. hall, 03/28/2008
- Re: [CA cert] How and which name to assure, Johan Vromans, 03/28/2008
- Re: [CA cert] How and which name to assure, Jeremy J. hall, 03/28/2008
- Re: [CA cert] How and which name to assure, Bryan Stenson, 03/29/2008
- Re: [CA cert] How and which name to assure, Johan Vromans, 03/31/2008
- Re: [CA cert] How and which name to assure, Sam Johnston, 03/31/2008
- Re: [CA cert] How and which name to assure, Guillaume ROMAGNY, 03/31/2008
- Re: [CA cert] How and which name to assure, Johan Vromans, 03/31/2008
- Re: [CA cert] How and which name to assure, Philippe Teuwen, 03/28/2008
- Re: [CA cert] How and which name to assure, ttw+cacert, 03/31/2008
Archive powered by MHonArc 2.6.24.