From: hal@rain.org (Hal Finney)
To: cypherpunks@toad.com
Message Hash: 277bc39a950cd08e03862a2098135548aa6ae52212f12a5333a24a3d5aa3a563
Message ID: <$m2n6818-.199610172233.PAA01850@crypt>
Reply To: N/A
UTC Datetime: 1996-10-21 14:04:39 UTC
Raw Date: Mon, 21 Oct 1996 07:04:39 -0700 (PDT)
From: hal@rain.org (Hal Finney)
Date: Mon, 21 Oct 1996 07:04:39 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: Anonymous Auth Certificates [was: Re: Blinded Identities]
Message-ID: <$m2n6818-.199610172233.PAA01850@crypt>
MIME-Version: 1.0
Content-Type: text/plain
From: Carl Ellison <cme@acm.org>
> >> >Steve Shear <azur@netcom.com> writes:
> >
> >[much cut]
> >>
> >> I've been charged with developing an Internet service which needs to assure
> >> its clients of anonymity. However, we fear some clients may abuse the
> >> service and we wish to prevent the abusers from re-enrollment if
> >> terminated for misbehavior. (In your example, it would be the person(s)
> >> trying to discover the service host via flood).
> >>
> >> My thought was to base enrollment on some sort of 'blinding' of their
> >> certified signature (e.g., from Verisign) which produces a unique result
> >> for each signature but prevents the service from reconstructing the
> >> signature itself (and thereby reveal the client's identity). I'm calling
> >> this negative authentication.
>
> The mistake is to think of using ID certificates (like those from Verisign)
> in the first place. They don't mean anything.
>
> You want an authorization certificate, such as produced by SPKI. You need
> to know what a key is authorized to do, not what name is associated with
> the key.
(Sorry about quoting so much, but I liked Steve Shear's succinct problem
statement.)
I don't see how authorization certificates solve this problem. How
would you determine if someone was qualified to receive an authorization
certificate? And what would you do to make them stop using the service
if they abuse it, and to stop them from getting new authorization
certificates?
Thanks,
Hal
Return to October 1996
Return to “hal@rain.org (Hal Finney)”
1996-10-21 (Mon, 21 Oct 1996 07:04:39 -0700 (PDT)) - Re: Anonymous Auth Certificates [was: Re: Blinded Identities] - hal@rain.org (Hal Finney)