PKI creed (was Re: Trustworthy contacts)

Brian Gladman ukcrypto at maillist.ox.ac.uk
Sat, 16 Sep 2000 21:32:43 +0100


----- Original Message -----
From: "Carl Ellison" <cme@acm.org>
To: <ukcrypto@maillist.ox.ac.uk>
Sent: Saturday, September 16, 2000 4:44 PM
Subject: Re: PKI creed (was Re: Trustworthy contacts)


> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> At 05:58 PM 9/14/00 +0100, Brian Gladman wrote:
> >As you say, it certainly introduces the naming problem and here it is
> >somewhat ironic that we should now be discussing hierarchy since the lack of
> >effective mechanisms for handling real world naming issues is partly the
> >result of standards designed to cope only with a world in which names are
> >unique because they can always be identified by a unique path in a
> >hierarchical directory structure.  At the time it might have been hard to do
> >anything different but now that we know better it seems even harder to
> >change the direction in which this particular juggernaut is travelling.
> >
> >Despite SDSI and approaches that build on relationships between local
> >namespaces - which offer a closer match to the real world - most systems
> >designers still seem to be locked into a hierarchical world, being content to
> >leave end users to fall into the nasty traps that this can spring on them.
> >:-(
>
> The problem with hierarchical name construction (a la X.500) is that humans
> don't look at the whole constructed name.  They look at the part they
> recognize (or the part of that that they think is important).
>
> The constructed name may be guaranteed unique and therefore a valid
> identifier, but that doesn't mean that when readers of the name extract the
> part they like, that part is unique and an identifier.
>
> If you want to guarantee that, my suggestion is that you construct the name
> (e.g., X.500 DN from some single naming root) -- and then do the SHA-1 hash
> of it and BASE64 encode it -- and use that encoded hash instead of the
> original name.  Now, no reader/user of the name is able to look at a
> sub-part and believe he/she knows what the name refers to.

Thinking about the issues of constructing unique names in the global
namespace from the names of companies in national company registers led me
to start thinking along similar lines.

I was interested to find the following for registered company names in the
UK:

http://www.companieshouse.gov.uk/notes/gbf2.html

But it does not take much reading of this document to realise that it is not
designed for the computer age.

If I read this correctly, I think it says that the somewhat disambiguated
printed, human readable company name must be a unique sequence of printed
symbols (from an unspecified set).  If a second name sounds similar to an
existing name (in an unspecified dialect) but is spelt differently it might,
or might not, be allowed. In addition there are provisions to avoid many
sorts of misleading names and a range of unacceptable and offensive words.
Certain words in company names also have to be cleared with other bodies.

If the non-punctuation symbols are limited to those in normal written
English [a-zA-Z0-9] (this might be implied) the result looks to be unique
with the UK registered company namespace provided that a consistent
character representation is being used.

But I would not bet my life on it given the informality of the
specification.

      Brian
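
Added example, not part of the original message or of either correspondent's code: a sketch of the opaque-name construction suggested in the quoted text (hash the full DN with SHA-1, then Base64 encode it), combined with the "consistent character representation" caveat from the reply. The canonicalisation rules, the function names and the sample DNs are assumptions constructed for illustration; escaped commas inside RDN values are not handled.

```python
import base64
import hashlib
import unicodedata

# Constructed sample DNs (not real registrations).
DN_GB = "CN=Acme Trading Ltd, O=Acme Trading Ltd, C=GB"
DN_US = "CN=Acme Trading Ltd, O=Acme Trading Ltd, C=US"   # same readable sub-part
DN_GB_VARIANT = "cn=ACME  Trading Ltd,o=Acme Trading Ltd,c=gb"  # same name, other spelling


def canonical_dn(dn: str) -> str:
    """Assumed canonical form: Unicode NFC, attribute types upper-cased,
    values case-folded with runs of whitespace collapsed."""
    rdns = []
    for rdn in unicodedata.normalize("NFC", dn).split(","):
        attr, _, value = rdn.partition("=")
        value = " ".join(value.split()).casefold()
        rdns.append(f"{attr.strip().upper()}={value}")
    return ",".join(rdns)


def opaque_name(dn: str, canonicalize: bool = True, algorithm: str = "sha1") -> str:
    """Return Base64(hash(DN)). SHA-1 is the default because the message names it;
    any digest known to hashlib can be passed instead."""
    text = canonical_dn(dn) if canonicalize else dn
    digest = hashlib.new(algorithm, text.encode("utf-8")).digest()
    return base64.b64encode(digest).decode("ascii")


def shared_prefix_len(a: str, b: str) -> int:
    """Length of the common leading substring of two identifiers."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


if __name__ == "__main__":
    for dn in (DN_GB, DN_US, DN_GB_VARIANT):
        print(f"{opaque_name(dn)}  <-  {dn}")
    # Without an agreed representation the same entity gets two identifiers.
    print(opaque_name(DN_GB, canonicalize=False),
          opaque_name(DN_GB_VARIANT, canonicalize=False))
```

The two DNs that share the recognisable "Acme Trading Ltd" part map to unrelated identifiers, while the two spellings of the same DN only agree once both sides apply the same canonical form before hashing.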