[cryptography] Definition of Identity (was Re: key management guidelines)

Ian G iang at iang.org
Sat Sep 4 20:51:31 EDT 2010


On 5/09/10 3:08 AM, Arshad Noor wrote:
> Ian G wrote:
>> On 4/09/10 4:21 AM, travis+ml-rbcryptography at subspacefield.org wrote:
>>
>>> It's too bad there isn't a notion of identity separate from keys.
>>
>>
>> The problem with all this is there is an assumption that we can
>> accurately model an identity in any form. In practice, we can't. In
>> more theoretical terms, we can't even define identity, let alone
>> design a single system to capture it.
>
> With all due respect, I would beg to differ, gentlemen. All of you have
> touched upon the answer, but did not precisely define it. Ray came very
> close to it in his very interesting posting, but again, did not express
> it succinctly.
>
> Very simply: identity is a set of attributes of a transacting party,
> relevant to the transaction's context.


The point being, perhaps, that we can define it, but the definition is 
so far away from where OP was thinking that it is totally useless.

E.g., travis wants own identity in the PGP key.  Yet your definition 
calls for capturing the identity of a newspaper.

We're now talking about identifiers and OOP and capabilities and 
fundamentals of data, not what humans think of their "identity".

It's a bit like defining Travis's identity as the set of actions that 
erupt from movements of the collection of atoms bounded by the clothing 
barrier....

OpenPGP can still do that, but it misses the point by a layer or two. 
We do not have a way to capture a bundle of attributes and make them 
perform as per OP's desires.  X.509 insists there is no bundle, or it 
insists there is only an unchanging official bundle (CN, C, etc), so its 
simplifications make it intractable in practice.

iang


