From: Carl Ellison <cme@TIS.COM>
Date: Fri, 1 Dec 1995 03:23:50 +0800
To: jlasser@rwd.goucher.edu
Subject: Re: The future will be easy to use
In-Reply-To: <Pine.SUN.3.91.951130123535.3869B-100000@rwd.goucher.edu>
Message-ID: <9511301819.AA11933@tis.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

>Date: Thu, 30 Nov 1995 12:39:50 -0500 (EST)
>From: Jon Lasser <jlasser@rwd.goucher.edu>

>  I'm positing someone's 
>using a stolen credit card number. [...] If I'm a merchant, I'm 
>going to really want (if I know it's possible) to ship only to what's 
>been "the address on the card" (or, in reality, in the database under the 
>card's number) so that it's harder (not impossible, harder) for people to 
>defraud me.

I'm not sure that's the reason, but there are merchants who insist on
shipping to the card's billing address.  This happens to me when I'm using
a credit card by phone, so the merchant has no signature on file.  For lack
of that proof that I'm me (as opposed to some inmate in a local prison
(actual case I heard about)), if they ship goods to the same address that
writes the actual check for the goods, there's added safety.

For a world with my non-certificates, this is achieved by a pair of
attribute statements:


- -----BEGIN PGP SIGNED MESSAGE-----

Signing-Key-ID: bc2cb00144f223498fcc074eabb821d0
Signed-Key-ID: e05c601c4ec4af3aeb54a53171ed65da
Meaning: checking-account: 116 94265, First Security Bank

- -----BEGIN PGP SIGNATURE-----
[...]   signature with First Security Bank's key (bc2cb0...)
- -----END PGP SIGNATURE-----



- -----BEGIN PGP SIGNED MESSAGE-----

Signing-Key-ID: e05c601c4ec4af3aeb54a53171ed65da
Meaning: I receive packages (especially UPS and FedEx) at:
	Carl Ellison
	c/o Trusted Information Systems
	3060 Washington Road
	Glenwood MD 21738
	(301) 854-6889

- -----BEGIN PGP SIGNATURE-----
[...]   signature with my key (e05c60...)
- -----END PGP SIGNATURE-----


The first gives the necessary hook for the merchant to establish that key
e05c6... has money to spend, if the merchant feels the need to check.  The
second establishes a shipping address for that key.

Note that the word "I" in the second attribute statement means "the person
who knows how to make the attached signature with key (e05c60...)"  rather
than "Carl Ellison" (although, in this case, they're the same).

The shipping address could be anonymous:

- -----BEGIN PGP SIGNED MESSAGE-----

Signing-Key-ID: e05c601c4ec4af3aeb54a53171ed65da
Meaning: I receive USPS packages at:
	P.O. Box 360
	Glenwood MD 21738

- -----BEGIN PGP SIGNATURE-----
[...]   signature with my key (e05c60...)
- -----END PGP SIGNATURE-----



 - Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison      cme@tis.com    http://www.clark.net/pub/cme	   |
|Trusted Information Systems, Inc.   http://www.tis.com/                   |
|3060 Washington Road          PGP 2.6.2:  61E2DE7FCB9D7984E9C8048BA63221A2|
|Glenwood MD  21738         Tel:(301)854-6889      FAX:(301)854-5363       |
+--------------------------------------------------------------------------+

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBML31ZFQXJENzYr45AQHk1QQAplkBXXZ+tSiBA2B/0FbJtFkYabNJcC7T
lkDEG/jZVANhonX5KKRgwKwzg1cfMCAlbbe0s+3HLTMg5yj9Fw4UD/U0mgZ31HGo
16iqbOqoVpknI5qSHVH/p2QMKHb3N1wKOEH3VJc21mkO+5W77p0mXywvW5zJrRHR
qllQdZ3Xde0=
=UU9f
-----END PGP SIGNATURE-----

BTW -- I don't have a PO Box at Glenwood.  (cme)