1994-12-13 - Authentication vs encryption: CPs on the web

Header Data

From: Hal <hfinney@shell.portal.com>
To: cypherpunks@toad.com
Message Hash: c71f18a5e525d4c6e86f844769f4d2bfb102c802155f59a8d71134216afc2126
Message ID: <199412131744.JAA04700@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1994-12-13 17:44:50 UTC
Raw Date: Tue, 13 Dec 94 09:44:50 PST

Raw message

From: Hal <hfinney@shell.portal.com>
Date: Tue, 13 Dec 94 09:44:50 PST
To: cypherpunks@toad.com
Subject: Authentication vs encryption: CPs on the web
Message-ID: <199412131744.JAA04700@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

I notice in these discussions of security on the web that the topic blurs
back and forth between authentication and encryption.  Particularly when
discussing using MIME with security extensions to "secure" a document by
pre-signing it, this form of security does not add privacy.  It does
provide a useful service by allowing you to verify authorship, but my
interests are in using cryptography to protect privacy.  I think it is
useful to keep a clearer distinction between these.

I notice that the people who come to this topic from an institutional
point of view tend to be more interested in the authentication aspects.
This seems to fit better into the control-oriented mindset.  With
authentication you can track what people are doing better; non-repudiable
signatures could actually work in some ways against the signer.  I think
that may be one reason Phil Zimmermann is famous for not signing his
messages. :-)  But encryption can actually work against institutional
interests (compared to individual ones) by making it harder to keep track
of people's activities.

I exchanged email on this with Vint Cerf during the PEM standardization
process.  I objected to the fact that with PEM you could not encrypt a
message unless you signed it.  Now of course you can always fake the
signature if you need to but the principle seemed skewed to me.  Cerf
honestly could not understand why you would ever want to do this.  What
security could there be if the message were not signed, he wondered.
To me the issues are separate.  Encryption is used to make sure the
message is seen by only those for whom it is intended, and signatures are
used to verify the source of the message.  The choice of which of these
two transformations to apply should be up to the users.

I don't speak for other cypherpunks, but my interests with regard to web
security extensions would lie in the following areas.  I want to be able
to use the web and maintain my privacy.  I don't want snoopers on the net
or on my local machine to know which web sites I visit or what material I
download.  (This ties into the electronic cash issue - what use is
"anonymous" cash if everyone can see where I'm spending it and what I'm
buying?)  I also want to be able to hide my identity from the web servers
themselves, at least if this is mutually agreeable.  If a server wants to
accept only authenticated connections where it knows who the users are
that it is serving, fine.  But I want the options to be there.

I want to be able to make payments to access and download information
while protecting my privacy.  I don't want to be put onto mailing lists
or get my name into databases of people who like X without my permission.
This implies a range of payment mechanisms including credit cards,
digital checks, and digital cash.  And it also requires the privacy and
anonymity features above.

I want these features to be a matter of mutual negotiation between
client and server.  The protocols should not build in veto power for
either side over how much privacy the transaction includes (although
either side may choose not to participate if mutually agreeable terms
can't be worked out).  And therefore these features should not be
restricted to just a small fraction of transactions, where we drop into
"secure mode" momentarily so I can send my credit card number.  I want to
be in secure mode all the time.

This is IMO the standard cypherpunks wish list as applied to the WWW.
But it does not seem to match up with either the commercial or
institutional interests which are driving the standards process.  I
hope those CP's who are involved in these efforts can work to spotlight
the need for individual privacy.  We should give as much power, choice,
and control as possible to the individual end-users of the web.
Otherwise privacy is going to be very difficult to maintain in this
world of electronic commerce.

Hal Finney
hfinney@shell.portal.com

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQBVAwUBLu3dHRnMLJtOy9MBAQGZlwH+PYN4FahcHflm4XFPkaJE3h/QLY3lMZV5
BY4U7w7OwpVSTEUqDKd7SvjIg4tt14QI/DGGj0jyHbIS9lWew8U3rQ==
=QbAD
-----END PGP SIGNATURE-----





Thread