Subject: A better approach to security
List archive
- From: Philippe Teuwen <phil AT teuwen.org>
- To: A better approach to security <cacert AT lists.cacert.org>
- Cc: Policy-Discussion <cacert-policy AT lists.cacert.org>
- Subject: Re: [CA cert] How and which name to assure
- Date: Fri, 28 Mar 2008 23:05:00 +0100
Just my 2 cents, to illustrate Belgium case.
Talking only about official governmental papers:
My full name (as on the birth doc) is
Philippe Yvon Fredy Colette Ghislain Teuwen
(yes, I've 5 firstnames, really!)
On my old ID cards (< 2005), it was mentioned:
Philippe Yvon Fredy C. G. Teuwen
On my new electronic ID card (2005), it's mentioned (printed & stored in
the chip):
Philippe Yvon F. Teuwen
(this was standardised as such officially for the eID:
full 1st & 2nd names, abbr. 3rd name and that's it + family name)
On my driving license (2006, so after the eID):
Philippe Y. F. C. G. Teuwen
FYI I got certified by CACert as "Philippe Y. F. Teuwen" as I've chosen
the common denominator of both eID & driving license.
I saw in early discussions some rigidity such as you cannot abbreviate a
second firstname which is written in full on the ID (I remember the
Donald Dagobert Duck -> Donald D. Duck forbidden)
But clearly this cannot work with e.g. my case. as strictly speaking
I've contradictory identity papers.
And the name I chose (Philippe Y. F. Teuwen) is, strictly speaking, on
none of my ID papers.
I do not want nicknames to be certified as they are not provable during
a simple CAcert face-to-face.
But we for sure need some flexibility regarding the official names.
IMHO, what is acceptable as CAcert name:
The name as on (at least one of) the IDs.
Middle names can be abbreviated or omitted.
First name and last name must always be present.
I don't give any advise about ö -> oe as I'm not German :-)
But forcing the use of ö obligatory just to see if all clients can
handle SSL certs properly with UTF8, hum hum...
Anyway as Johan said, if my name is (really) Jerry Hall I can spoof any
other Jerry Hall in the world.
A certificate guarantees that the owner is really officially called as
he pretends, but it does not guarantee he is the Jerry Hall *you* know.
CACert cannot prevent this kind of fraud but maybe it should help a
posteriori e.g. by storing some info available upon a judge request,
such as ID number or street address (but in other countries with loosy
IDs such as US&UK this could lead to ID theft by the Assurers :-( )
If we cannot solve the problem at once for everybody, maybe we could
have some rules per nationality to reflect the so called cultural
differences? India comes also to my mind as there most people have one
single name, not 2.
How do other CAs proceed?
Phil
-
Re: [CA cert] How and which name to assure
, (continued)
- Re: [CA cert] How and which name to assure, Jeremy Hall, 03/28/2008
- Re: [CA cert] How and which name to assure, Pete Stephenson, 03/28/2008
- Re: [CA cert] How and which name to assure, Jeremy J. hall, 03/28/2008
- Re: [CA cert] How and which name to assure, Johan Vromans, 03/28/2008
- Re: [CA cert] How and which name to assure, Jeremy J. hall, 03/28/2008
- Re: [CA cert] How and which name to assure, Bryan Stenson, 03/29/2008
- Re: [CA cert] How and which name to assure, Johan Vromans, 03/31/2008
- Re: [CA cert] How and which name to assure, Sam Johnston, 03/31/2008
- Re: [CA cert] How and which name to assure, Guillaume ROMAGNY, 03/31/2008
- Re: [CA cert] How and which name to assure, Johan Vromans, 03/31/2008
- Re: [CA cert] How and which name to assure, Philippe Teuwen, 03/28/2008
- Re: [CA cert] How and which name to assure, ttw+cacert, 03/31/2008
Archive powered by MHonArc 2.6.24.