From: Bill Stewart <stewarts@ix.netcom.com>
Date: Thu, 5 Oct 95 08:40:24 PDT
To: cypherpunks@toad.com
Subject: Certificates, Attributes, Web of Trust
Message-ID: <199510051540.IAA23596@ix.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


Carl and I and others have been discussing whether the Web of Trust
ought to use certificates to tie keys to people or attributes.
It's taken a while to sink in, but I now think he's basically right :-) ;
on the other hand, it can also still be done using the ugly X.509 format.
This means that we can begin to go out and corrupt users who might otherwise
want Driver's Licenses for the Infotainment Superhighway into realizing
that the Net can give them _more_ privacy instead of less.

>Alternatively, I can have First Security Bank open account 01732 for me and
>create a certificate binding my public key to that account number.  Now, I
>can use that key to sign anonymous checks.  (The bank knows me, perhaps,
>but the payee doesn't need to.)  

Yeah.  Consider a slightly-abused Distinguished Name for a checking or
credit card.
/Account=01732/Type=Checking/Org=FooBank/Country=com/ with key aaa
signed  /Title=Accountsigner/Org=FooBank/Country=com/ with key bbb
        signed  /Title=MasterKey/Org=FooBank/Country=Com/ with key mmm
                signed  /OU=Corporate/O=Verisign/Country=com/ with key vvv

When you sign a check/credit card today, your name and signature are there
as vague verification for the payee and bank that it's authentic; with digital
signatures, the fact that you can sign a note saying "Pay $X to $Y Signed aaa"
is all the verification they need, though the name business makes it easier
for them
to find what attributes the signer had and how to get the actual money...
Even the account number could be the public key instead, but that's pretty long.
(Credit cards may be a slight wrinkle, since there are lots of laws about them.)

What the name also gives you is a handle to hang marketing data on.  Sometimes,
you may have that data from the transaction (card cccccc wanted 5 plutonium
widgets sent to Resident, 1600 Penn.Ave, WashDC 20017), sometimes you've got
less
(card cccccc wants to receive results of a stock search at IP address
199.35.212.164,
which is way less since that's just a Netcom port server :-)  

So a credit card or checking account with just an account number and key
gives you
_far_ more privacy than a current conventional one - even if it's not the full
mathematically subpoena-proof privacy that Chaumian digicash could give.

And if your bank wants to offer extra privacy, it can let you create
sub-accounts -
send a request for "Create Sub-account Key SSS Account AAA Parameters
p1,p2,p3" signed aaa,
and it sends you a new certificate /Account=NewUnique#/etc. with key SSS
signed by bbb.
So you can give everybody a different-looking check, at least if the cost is
low.

[> Key signing "I use this name" vs. names not being able to sign "I use
this key"]
I still think you often want both directions, especially for privacy.
(For authentication, anybody who's got the attribute you want or claim will
often do;
for privacy, you really want to identify the _person_ you're talking to,
so the attribute "where the _real_ Carl Ellison gets his mail" is important.
Pseudonyms have an easier time of this, as long as they start using their keys
at the same time as their names.)
#---
#                                       Thanks;  Bill
# Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---