From: Jeff Weinstein <jsw@netscape.com>
To: cypherpunks@toad.com
Message Hash: f3623d1a3e9fe417305a8ae55ea4595513525e792650b5ddf40dba1ff598613f
Message ID: <30742DE1.588@netscape.com>
Reply To: <ac9961b42202100433c4@[205.199.118.202]>
UTC Datetime: 1995-10-05 19:15:15 UTC
Raw Date: Thu, 5 Oct 95 12:15:15 PDT
From: Jeff Weinstein <jsw@netscape.com>
Date: Thu, 5 Oct 95 12:15:15 PDT
To: cypherpunks@toad.com
Subject: Re: Certificates, Attributes, Web of Trust
In-Reply-To: <ac9961b42202100433c4@[205.199.118.202]>
Message-ID: <30742DE1.588@netscape.com>
MIME-Version: 1.0
Content-Type: text/plain
Timothy C. May wrote:
>
> I have often said "You are your key." That is, keys have priority over
> names, even True Names. The biometric True Name identity of a person
> holding a key is only _another attribute_ of the key. Maybe important,
> maybe not. It depends on the nature of the transaction.
>
> But I go further: a huge number of interesting applications of strong
> crypto have no connections at all with physical persons, let alone with
> True Names. Agents in computer transactions, applets fired across networks,
> agoric entities in computational ecologies, BlackNet sorts of markets, and
> on and on.
>
> The notion that a cryptographic key needs to be tied to a physical person
> is deeply flawed.
>
> The talk of certification authorities is OK, so long as the practice is
> _completely_ and "strongly" voluntary (*).
How about if the systems allows you to get a certificate that
has any name in it that you want, where the issuer makes no
claims about the identity of the owner of the certificate?
How about if the software lets the user decide which CAs they
will accept certificates from? Given these two features,
would you still consider requiring a certificate to be bad?
--Jeff
--
Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
jsw@netscape.com - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.
Return to October 1995
Return to “tcmay@got.net (Timothy C. May)”