From: Scott Brickner <sjb@universe.digex.net>
Date: Fri, 6 Oct 95 15:29:03 PDT
To: tcmay@got.net (Timothy C. May)
Subject: Re: subjective names and MITM
In-Reply-To: <ac99e72b260210048f1f@[205.199.118.202]>
Message-ID: <199510062228.SAA27940@universe.digex.net>
MIME-Version: 1.0
Content-Type: text/plain


Timothy C. May writes:
>If I understand your usage of "anonym" correctly, I think you are clearly wrong.

I think you understand my usage (anonym = untraceable pseudonym).  But
I still disagree with you.

I brought this subject up a couple of weeks ago (as the "inheritance
problem"), but was unable to really participate in the discussion as
things got a little busy.

A quick note on terminology:  I'll use "name" to mean a symbol which
may be easily traced to a physical entity, "pseudonym" to mean a symbol
which is traceable only under certain conditions, and "anonym" to mean
a symbol which is not traceable.

>The "linking with a unique person" is not especially important, IMO.

The reputation of an anonym is fundamentally different from that of a
name or pseudonym.  When a named or pseudonymous entity fails to
perform a contract, the pseudonym is exposed (becoming a name), and the
reputations of all names associated with the entity suffer.  Further,
creating a new name doesn't help, as it gets the reputation of the
other names.

There are basically two kinds of pseudonyms that I can see:  I'll call
them escrowed identities and encrypted identities.  With an escrowed
identity, an escrow agent knows who I am and part of our contract says
they're permitted to reveal the name under enumerated circumstances.
An encrypted identity is one which is revealed by the act of violating
the contract - like the double-spending protections in e-cash - and the
KCA merely certifies that the tokens were created correctly.

Escrowed identities are vulnerable to "rubber-hose cryptanalysis" and
other forms of social engineering, but there are many sorts of
transactions which don't permit encrypted identities for technical
reasons.

In both circumstances, an involved KCA may attest to more than the
traceability of the identity.  The KCA may also certify that, at the
time of certification, the identity's reputation was "clean" with
respect to some standard.  Note that the KCA knows a *name* for the
entity, and thus imbues the newly created pseudonym with the reputation
of the name.  The entity still hasn't escaped a poor reputation with a
new pseudonym (if the KCA's reputation is trustworthy, that is).

In effect, names are two-way links between reputations and entities,
pseudonyms are one-way links from reputations to entities, and anonyms
are broken links between them.  Reputation credit will flow from a name
to its entity, and then flow back out to all the entity's other names.
Reputation debit will flow from a name *or pseudonym* to the entity and
then back to all the other names (but not pseudonyms).  Anonyms don't
transmit their reputation to anything.

The upper limit of credit worthiness in an anonym lies in the cost of
replacing it.  If I can create a new reputation for $1000, and you've
loaned me $1500, then I can abandon the old one at a profit of $500.
Clearly you can't extend me more credit than it will cost me to create
a new anonym.

Given the dearth of anonymity (or even pseudonymity) today, it seems
that the average entity doesn't value anonymity particularly highly.
How many people do you know that use credit cards for virtually
*everything*, simply because they value the convenience of a single
monthly statement and the security of not carrying cash more than they
value anonymity?  I know several.

This implies that the cost of creating an anonym must be fairly low if
they are to become commonplace, which further implies that the credit
worthiness of anonyms must be correspondingly low.

The next question is whether a low-cost anonym can ever expect to be
considered an "expensive" (and therefore credit worthy) anonym.  Let's
consider anonyms like Pr0duct Cypher and Black Unicorn, since you
always bring them up as examples of anonyms with reputation.

Certainly the entities behind these anonyms have a certain amount of
time and energy invested in them.  They *do* have a reputation, but
it's a reputation regarding the quality of their products.  If you were
to advance one of them $500 in consideration for writing some software,
and they took the money and didn't produce the software, how would that
hurt them?  Certainly they wouldn't be likely to get another such
contract --- it would be cash on the barrelhead from there on out, just
like any cheap anonym.  Their reputation for quality information and
freeware wouldn't change a bit.

There's clearly a large risk involved in loaning money to an anonym
with no reputation for paying back loans.  Only completed contracts
with named entities improve the anonym's reputation.  Contracts with
other anonyms or pseudonyms are unreliable indicators --- otherwise I
could create a hundred anonyms (or encrypted-identity pseudonyms) and
have ninety-nine of them report successful transactions to create an
artificial reputation.  Multiple contracts with the same named entity
are also unreliable --- I can falsely report successful transactions
with my own anonyms, too.  A small number of named entities may even
act in collusion to create an artificial reputation.

The credit reputation of the anonym is thus reliable only in proportion
to the number of named entities with which it successfully transacts.
Furthermore, a transaction with a traceable entity is implicitly
secured by the other assets of the entity, so the amount risked in a
loan is not the entire amount of the loan.  There's no reason for an
anonymous entity to hold any assets --- anything they need may simply
be held by another entity, and thus protected from seizure.  The amount
risked in a loan to an anonymous entity is the full amount of the loan,
so the credit limits for an anonym will grow *much* more slowly than
for traceable entities.

Assuming the existence of a reputable escrow agent for pseudonyms, the
cost to establish a given credit rating for a pseudonym is *much* less
than that for an anonym while the risk of undesirable disclosure is
only slightly more.  If the anonym is sought only for privacy, then
a pseudonym is a much better buy.  It's when the cost of disclosure
is very high that the anonym becomes desirable.  So what sort of entity
has so much to lose by disclosure that it's unwilling to accept the risk
involved with a pseudonym escrowed with a reputable agent? (Remembering
that we're talking about a world that's sufficiently changed as to
permit anonyms at all --- something I don't think can happen in America
today, for instance.)  Would you want to do business with them?