From: Carl Ellison <cme@ACM.ORG>
Date: Fri, 18 Oct 1996 15:28:35 -0700 (PDT)
To: Hal Finney <hal@rain.org>
Subject: Re: Anonymous Auth Certificates [was: Re: Blinded Identities]
In-Reply-To: <199610172233.PAA01850@crypt>
Message-ID: <v03007800ae8db2fd76bc@[168.143.8.144]>
MIME-Version: 1.0
Content-Type: text/plain


At 18:33 -0400 10/17/96, Hal Finney wrote:

>> >> I've been charged with developing an Internet service which needs to
>>assure
>> >> its clients of anonymity.  However, we fear some clients may abuse the
>> >> service and we wish to prevent the abusers from re-enrollment if
>> >> terminated for misbehavior. (In your example, it would be the person(s)
>> >> trying to discover the service host via flood).

>
>I don't see how authorization certificates solve this problem.  How
>would you determine if someone was qualified to receive an authorization
>certificate?  And what would you do to make them stop using the service
>if they abuse it, and to stop them from getting new authorization
>certificates?

You're right.  SPKI doesn't solve the whole problem, by itself.  You do
need to avoid ID certificates in the first place.  They have no use here
because he wants anonymous authorization.  He also wants it blinded.  SPKI
includes a construct for passing some authorization to anything signed by a
given public key.  That gives him his blinding.

However, he has an additional problem.  He's trying to set up what amounts
to a voter registration.  Rather, he appears to hope that someone else will
do so.  AFAIK, there is no currently proposed PKI which will do the (one
body:one valid cert) mapping he's looking for.  However, if he finds some
organization willing to do that, then he can use the SPKI certs to transfer
authorization (e.g., to log in on his service) to a key used for that
purpose by that organization.  Certainly, ID certs from VeriSign or GTE or
anyone else I've heard of don't fill that role.

As a native Chicagoan, I can attest to the difficulty of performing (one
body):(one vote) mappings   :)  [I know -=- slander of my beloved home town]

I'm also not sure we want anyone setting up such a service except for
voting.  There can be very bad societal drawbacks to a service like that.
It might be able to achieve all the evil which we decry when the idea of a
national ID card comes up.

 - Carl


+------------------------------------------------------------------------+
|Carl M. Ellison   cme@acm.org     http://www.clark.net/pub/cme          |
|PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2|
|  "Officer, officer, arrest that man!  He's whistling a dirty song."    |
+-------------------------------------------- Jean Ellison (aka Mother) -+