Re: Last Call: draft-ietf-pkix-tac (Traceable Anonymous Certificate)

Martin Rex <Martin.Rex@sap.com> Wed, 01 July 2009 15:41 UTC

From: Martin Rex <Martin.Rex@sap.com>
Message-Id: <200907011536.n61FaqOQ005829@fs4113.wdf.sap.corp>
Subject: Re: Last Call: draft-ietf-pkix-tac (Traceable Anonymous Certificate)
Orig-To: ietf@ietf.org
To: ietf@ietf.org
Date: Tue, 30 Jun 2009 21:20:42 +0200
In-Reply-To: <20090616134500.6B9E33A69EE@core3.amsl.com> from "The IESG" at Jun 16, 9 06:45:00 am

The IESG wrote:
> 
> The IESG has received a request from the Public-Key Infrastructure 
> (X.509) WG (pkix) to consider the following document:
> 
> - 'Traceable Anonymous Certificate '
>    <draft-ietf-pkix-tac-04.txt> as an Experimental RFC


I'm having a serious problem with the terminology!

The certificates in this proposal are definitely not anonymous,
they're clearly and undoubtedly pseudonymous. 

Anonymity means "blending within a group", and the quality
of the anonymity is the size of that group.  Really good anonymity
means that the group is in the magnitude of the world population.
Most of the time, the group is significantly smaller, but there
still remains the concept of blending within a group.


The certificates described by this document are unique, assigned
to one single individual (I don't care how fancy the scheme is
to reveal the original identity given the pseudonym).
Since these certs also have a significant lifetime attached
to them and are designed to be reused frequently, successive
authentications can be linked, and they're as revealing
about individuals as the frowned-upon Pentium processor ID.


Therefore I would like to ask that the term "anonymous" is
replaced by "pseudonymous" throughout the document before it
is published as an internet draft.


Regards,
-Martin