1996-10-26 - Re: Anonymous Auth Certificates [was: Re: Blinded Identities]

Header Data

From: azur@netcom.com (Steve Schear)
To: hal@rain.org (Hal Finney)
Message Hash: 17afd96fab553be69ed2260530e86e867b5615f488d20ac6fa773d5ad9584fa4
Message ID: <v02130500ae96306f12a0@[10.0.2.15]>
Reply To: N/A
UTC Datetime: 1996-10-26 06:37:12 UTC
Raw Date: Fri, 25 Oct 1996 23:37:12 -0700 (PDT)

Raw message

From: azur@netcom.com (Steve Schear)
Date: Fri, 25 Oct 1996 23:37:12 -0700 (PDT)
To: hal@rain.org (Hal Finney)
Subject: Re: Anonymous Auth Certificates [was: Re: Blinded Identities]
Message-ID: <v02130500ae96306f12a0@[10.0.2.15]>
MIME-Version: 1.0
Content-Type: text/plain


>I don't see how authorization certificates solve this problem.  How
>would you determine if someone was qualified to receive an authorization
>certificate?  And what would you do to make them stop using the service
>if they abuse it, and to stop them from getting new authorization
>certificates?
>
>Thanks,
>Hal

I guess I was mistaken about how rigorous identification checking was
performed at various CAs.  Verisign used to advertise three levels of CA
checking, although I can only find two on their Web site at this time.  The
lowest, Class 1, is simply tied to your email address and is inadequate for
my purposes.  Class 2 Digital IDs provide identity assurance by requiring
third-party confirmation of your name, mailing address, and other personal
information.  Although by no means bullet-proof dependence on Class 2 might
be a workable alternative to a substantial, up-front, money escrow (as
suggested) which I believe would make my service unworkable.

-- Steve







Thread