From: tcmay@got.net (Timothy C. May)
Date: Sun, 5 Nov 1995 09:53:11 +0800
To: cypherpunks@toad.com
Subject: Credentials Without Identity
Message-ID: <acc154b62202100420bc@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


Rich Graves makes some very good points, but he said something I want to
riff on.

(And as a measure of how apologetic some folks are getting about discussing
anything not on Perry's List of Approved Topics, Rich unfortunately labeled
his post "[ID point semi-off-topic]..." In fact, the issue of credentials
and identity is NOT off-topic, not even semi-off-topic. It is central to
the themes of our list. I urge all to read Chaum's seminal work on
"credentials without identity.")

At 1:05 AM 11/5/95, Rich Graves wrote:

>Proving legal residency requires a combination of two documents, one each
>from specified lists. Most commonly a driver's license, green card (which
>is actually pink), or birth certificate from list A, and a social
>security card from list B.
>
>Chris Hibbert's SSN FAQ talks a little bit about how this works, and why
>it's a Good Thing. Basically, for privacy and security reasons, it is a
>very good idea to separate the issues of identity and authorization.
>
>I don't care how securely you can authenticate who I am -- by PGP, retinal
>scan, whatever. I do not want a single digitizable token to be the key to
>my identity. Even if that identity cannot be forged (and everything can be
>forged), it can be used to track me, by the government, by the Direct
>Marketing Association, by the private investigators of certain wacky
....

Chris's (or Chris') points are admirable, but getting more and more
irrelevant by the day. The notion of unlinking identity and authorization
by separate pieces of identification is another form of "security through
obscurity."

The two forms of credentials can be linked in data bases. Just because one
piece of ID has citizenship or voting status and another has other stuff is
meaningless, provided the ID forms can be linked. As they can, in multiple
ways.

The credit tracking agencies can do this trivially, with names, social
security numbers, driver's license numbers, addresses, phone numbers, etc.
All are pointers into the cloud of numbers that constitutes one's dossier.

Happily, Chaum's work on "credentials without identity," based essentially
on the kind of "blinding" used in digital cash (with some differences, of
course), allows for one to display a credential showing one is old enough
to enter a bar or library (in 2005), without revealing a name (which is
just another credential).

--Tim May

Views here are not the views of my Internet Service Provider or Government.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA              | knowledge, reputations, information markets,
Higher Power: 2^756839      | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."