trustoverip / tswg-did-x509-method-specification

https://trustoverip.github.io/tswg-did-x509-method-specification/

Review section on identifier ambiguity #9

Open scouten-adobe opened 3 months ago

scouten-adobe commented 3 months ago

Follow up from 2024-03-07 meeting, consult with @daidoji on issues raised in this section.

See https://trustoverip.github.io/tswg-did-x509-method-specification/#identifier-ambiguity.

daidoji commented 3 months ago

The section looks okay in addressing the problem in an informative way. However, a mandate that CAs publish what constitutes an "identity" for their particular instantiations of certificate chains may be a high burden for them. Similar to Tim Bouma's comment in Slack on the review of his section, each instantiation of a "flavor" of x509 certificates will map to a certain set of identity characteristics and a governance model, to which CAs may or may not be fully adhering.

If we are going to put work on entities to agree with this method without asking them, it might be better to put this on RFCs/spec authors or list the ones we support and provide some method of adding themselves to a registry (or dynamically declaring their identifying tuples) in a schema. (Section 10 would be an example of a small registry.)