From: Jiri Baum <jirib@sweeney.cs.monash.edu.au>
Date: Wed, 11 Oct 95 18:47:53 PDT
To: hfinney@shell.portal.com (Hal)
Subject: Re: Certificate proposal
In-Reply-To: <199510060419.VAA20574@jobe.shell.portal.com>
Message-ID: <199510120147.LAA13833@sweeney.cs.monash.edu.au>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

Hello Hal <hfinney@shell.portal.com>
  and cypherpunks@toad.com

Hal writes:
> >In article <DG06FE.IA8@sgi.sgi.com>, Hal <hfinney@shell.portal.com> writes:
> 
> >> OK, so suppose I want to send my credit card number to Egghead Software.
...
[previous reply elided]

What you are missing is that you should not say
  "I want to send my credit card number to Egghead Software"
you should say
  "I want to send my credit card number to 12 34 56 78 9A BC DE F0"

> I may not have been clear: the certificate I was referring to was the one
> from Egghead, the one which I will use to make sure that I have a valid
> key for Egghead.  Such a certificate would of course not have my credit
> card number; it would probably have some information related to Egghead.

The certificates you'd want are:
  * informal correspondence from your friends that 12 34 56 78 9A BC DE F0
makes good widgets/gadgets/whatzits.
  * a Consumers Association report saying that 12 34 56 78 9A BC DE F0's
widgets don't have sharp edges like 13 25 36 47 58 69 7A 8B's do and
that 43 65 87 09 41 61 BA ED's are less efficient (eg "Choice" magazine).
  * possibly a certificate from the bank that 12 34 56 78 9A BC DE F0
is a merchant (if using traditional CCs).
  * or a certificate from a guarantor company saying that if
12 34 56 78 9A BC DE F0 doesn't deliver they'll return your money.

> My rhetorical point was that information would most plausibly be a NAME
> by which I would refer to Egghead.  I am still trying to understand how
> these proposals to take names out of the picture will apply to a
> commonplace situation like this one.

Yeah, I just can't imagine myself at a party introducing myself
"Hi, I'm 08 04 26 6D 01 CD AB 8A  25 A9 E2 86 AD 13 C1 BA".

Then again I never was good at parties...


To start a new sub-thread: what if the man in the middle is actually
a behaviour-modifying parasite? At that stage even a physical meeting
won't do you much good (the parasite may be otherwise asymptomatic).

It's probably more likely than having 30 FBI agents assigned to your
case...


Hope I'm making sense... (well, they say that hope dies last, no?)

Jiri
- --
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
PGP EF0607F9 (but it's at uni so don't rely on it too much)

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i

iQCVAwUBMHxzWSxV6mvvBgf5AQHXawP/Xls4gWUwhTFoX9w4TYaKvqbK8MF+dxgS
JPmIWdfiEijbRb/qOLzU+7NJqZ3OqcR+Ylc8uBcQPhYJgOwDSta1BYm0OrYhb+PY
6ILXeulp/2T5Y061KrbkFgJ3Z5AcsFTCBad2pHQeIzdlIixv2JPT+qbb5iEkDkgA
ebEioYxWgP0=
=pFkN
-----END PGP SIGNATURE-----