Miscellaneous questions

dan at geer.org dan at geer.org
Thu Apr 24 14:45:02 CEST 2008


 > Although commonly used, a name is not a good measure for identity.


My reply is probably very nearly pedantic, but the question
raised is a venerable one:  Do you want your system to be
name-centric or key-centric?  A name-centric system is one
where the name is the identity, per se, and the key is an
attribute of that name.  A key-centric system is one where
the key is the identity, per se, and the name is an attribute
of that key.  By analogy, just as there are advantages and
disadvantages when comparing bearer bonds versus registered
securities, there are advantages and disadvantages when
comparing name-centric versus key-centric systems.  A reference
to an early discussion of binding would be Carl Ellison's 1996
USENIX paper, found at http://world.std.com/~cme/usenix.html.

Within an enterprise, name-centric might be the better
choice as moves and adds are the principal things that
happen to individuals and their roles.  As an individual,
I prefer key-centric as I've a fairly strong bias toward
preserving the benefits of pseudonymity in the face of
spreading surveillance.

YMMV,

--dan
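
Added example, not part of the original message: a minimal Python model of the two designs described above, showing where authorization stays attached after a key rollover versus a name change. The class names, the `fp` stand-in fingerprint and the key bytes are constructed for illustration, and presenting a public key is assumed to stand in for a verified proof of possession.

```python
import hashlib

def fp(pubkey: bytes) -> str:
    # Stand-in fingerprint over constructed key bytes; not a real OpenPGP fingerprint.
    return hashlib.sha256(pubkey).hexdigest()[:16]

class NameCentric:
    """The name is the identity; the key is an attribute of the name."""
    def __init__(self):
        self.key_of, self.grants = {}, {}          # both indexed by name

    def enroll(self, name, pubkey, perms):
        self.key_of[name], self.grants[name] = fp(pubkey), set(perms)

    def rekey(self, name, new_pubkey):
        self.key_of[name] = fp(new_pubkey)         # grants stay with the name

    def authorize(self, name, pubkey, perm):
        # Assumes the caller already proved possession of pubkey's private half.
        return self.key_of.get(name) == fp(pubkey) and perm in self.grants.get(name, ())

class KeyCentric:
    """The key is the identity; the name is an attribute of the key."""
    def __init__(self):
        self.label_of, self.grants = {}, {}        # both indexed by fingerprint

    def enroll(self, pubkey, label, perms):
        self.label_of[fp(pubkey)], self.grants[fp(pubkey)] = label, set(perms)

    def relabel(self, pubkey, new_label):
        self.label_of[fp(pubkey)] = new_label      # grants stay with the key

    def authorize(self, pubkey, perm):
        return perm in self.grants.get(fp(pubkey), ())

def demo():
    old_key, new_key = b"constructed-key-A", b"constructed-key-B"
    nc, kc = NameCentric(), KeyCentric()
    nc.enroll("alice", old_key, {"sign-release"})
    kc.enroll(old_key, "alice", {"sign-release"})
    nc.rekey("alice", new_key)                     # key rollover
    kc.relabel(old_key, "pseudonym-7")             # name change
    return {
        "nc_new_key": nc.authorize("alice", new_key, "sign-release"),
        "nc_old_key": nc.authorize("alice", old_key, "sign-release"),
        "kc_same_key": kc.authorize(old_key, "sign-release"),
        "kc_new_key": kc.authorize(new_key, "sign-release"),
        "kc_label": kc.label_of[fp(old_key)],
    }

if __name__ == "__main__":
    print(demo())
```

In the name-centric store the rollover keeps the grant with "alice" and retires the old key; in the key-centric store the relabel keeps the grant with the key, while a fresh key is a fresh identity with no grants.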




More information about the Gnupg-users mailing list