1995-08-21 - Re: Certificates/Anonymity/Policy/True Names

Header Data

From: Carl Ellison <cme@TIS.COM>
To: mfroomki@umiami.ir.miami.edu
Message Hash: ecf4cc625a160444e32bd4c0c02371f1e9a3bb1e9ca4fd7f2794ef8137bb5adf
Message ID: <9508211437.AA29550@tis.com>
Reply To: <199508182054.NAA16103@comsec.com>
UTC Datetime: 1995-08-21 14:49:15 UTC
Raw Date: Mon, 21 Aug 95 07:49:15 PDT

Raw message

From: Carl Ellison <cme@TIS.COM>
Date: Mon, 21 Aug 95 07:49:15 PDT
To: mfroomki@umiami.ir.miami.edu
Subject: Re: Certificates/Anonymity/Policy/True Names
In-Reply-To: <199508182054.NAA16103@comsec.com>
Message-ID: <9508211437.AA29550@tis.com>
MIME-Version: 1.0
Content-Type: text/plain


>Date: Fri, 18 Aug 1995 14:47:55 -0400 (EDT)
>From: Michael Froomkin <mfroomki@umiami.ir.miami.edu>

>You have decided to allow the private CAs to issue certificates of varying
>degrees of corroberation so long as the degree of verification used is
>deducible from the certificate.  E.g. a certificate might say "we check
>the passport"; or "we check driver's license" or "we took blood, hair,
>fingprint, retinal scan and first-born child".  It might even say "we
>checked nothing".  You have also decided that a CA may issue a certificate
>in the name of a pseudonym, so long as the CA retains information about
>the True Name.  Now the issue arises as to whether one should allow the CA
>to issue certificates to pseudonyms where it has *no record* of the real
>identity of the person proffering the key pair. 
>
>Is there any reason why a person would want such a certificate?  

I see several reasons, but I don't see a reason for a CA in this case.  The
key being signed can serve in place of the CA's key.  That is, the key can
be self-signed.  All that needs to be proved in this case is that someone
owns the private key which goes with the public key.

As for what good that key is --

Prior to our meeting in person this year, all you knew about me was by my
postings.  If I had signed all of them with the same self-signed key, then
you would know that all of those postings came from one "person" (the set
of people, presumably only one person, with access to the private key).
The postings define the person, in your mind, and you are absolutely
certain that they came from that person (defined as I did above).  You
don't need any further certification to attest to that fact.

No economic impact, you say?

My postings could have been S/W.  You could have tried my S/W and liked it
-- hiring me to do work for you privately.  In all this process, we need
never meet.  If we don't meet, it doesn't matter what my blood type is or
if I have a driver's license or a passport.  I could even be a small,
silver-skinned alien who is perpetually in hiding.

No money transfer, you say?

Wells Fargo bank (an innovator) could initiate public-key bank accounts.  I
would open the account by sending them a self-signed public key.  They
would use that key as my bank account number.  Anyone would be allowed to
deposit money into that account (e.g., using CyberCash transfers).  Only I,
the person holding the private key, would be permitted to transfer funds
out.

Again, in the Internet, nobody knows you're a dog-faced alien sea creature.

 - Carl






Thread