From: "E. ALLEN SMITH" <EALLENSMITH@ocelot.Rutgers.EDU>
Date: Thu, 30 Nov 1995 13:43:08 +0800
To: jlasser@rwd.goucher.edu
Subject: Re: The future will be easy to use
Message-ID: <01HY8GNOCLCS8WYXCN@mbcl.rutgers.edu>
MIME-Version: 1.0
Content-Type: text/plain


From:	IN%"jlasser@rwd.goucher.edu"  "Jon Lasser" 29-NOV-1995 16:23:00.41

Not if you're encrypting a Credit Card transaction to ship physical 
goods.  In that case, I'm going to certainly want to link a key ID to a 
physical body (or at least address) if I'm the seller, so as to limit 
liability as best I can.

While this might not ultimately be important, early adopters of crypto on 
the net seem in general to be financially interested with an eye to limiting 
liability. They want linked keys.

There's a public-relations aspect to crypto which most systems not 
linking name -> key id fail.  This is the step necessary to get it out 
the door.

Unfortunately, it also appears counter to CP philosophy.

However, if you have optional linking of ID and name, shippers will only 
ship to keys with such attributes. Because just ID and address, it could 
be a "hit and run" type attack shipped to a safe maildrop.
---------------------------------
	If the transaction is via a Credit Card, it's the card issuer's
liability (and responsibility to determine creditworthiness), unless I'm badly
mistaken. If it's bank-issued ecash, then it's up to the bank to disgorge
physical dollars when ecash is presented to them. What's the risk in either
case?
	-Allen