1997-02-13 - Re: anonymity and e-cash

Header Data

From: Hal Finney <hal@rain.org>
To: cypherpunks@toad.com
Message Hash: abeb4da60f9c85d7f98e500e7af74b1bb5ec6508a85914f04aa37ab764f47180
Message ID: <199702131443.GAA01435@toad.com>
Reply To: N/A
UTC Datetime: 1997-02-13 14:43:00 UTC
Raw Date: Thu, 13 Feb 1997 06:43:00 -0800 (PST)

Raw message

From: Hal Finney <hal@rain.org>
Date: Thu, 13 Feb 1997 06:43:00 -0800 (PST)
To: cypherpunks@toad.com
Subject: Re: anonymity and e-cash
Message-ID: <199702131443.GAA01435@toad.com>
MIME-Version: 1.0
Content-Type: text/plain


From: Sean Roach <roach_s@alph.swosu.edu>
> Here is another idea.
> The merchant and customer agree on a price, with the merchant knowing that
> the "bank" will take a cut for their services.
> The merchant and customer both LOG IN to the bank seperately, each type in
> their agreed upon price and cut & paste in the services rendered
> information.  If they match, the bank makes the necessary transaction
> between the accounts, e-cash stash, etc.

This provides no anonymity with respect to the bank, right?  The bank
knows who is paying whom.  That's not very valuable IMO.  The bank is
still a centralized place where all this transaction information exists,
a fat target for privacy opponents.  I'd say that anonymity to the
bank is more important than anonymity to the merchant for this reason.
So I think you're going at this backwards.

> Another idea that has been festering.  If we could get a CPA involved in
> this forum, I would be willing to have h[im/er] sign my key, (which is
> seldom used, mostly because this is the only place I use e-mail), for that
> reasonable fee that CPA's can charge.  I know that it is not a standard, or
> even legally recognized, post for CPA's, but I think that enough people
> would trust them.

The big question with identity certificates is what procedures were followed
in verifying the identity when the cert was issued.  If the CPA publishes
some standard method, and his reputation is strong enough that people will
trust him to follow it, then it might well be worth money to you to have
him sign it.  This is the traditional role of the Certification Authority.

> This would take care of some of the "newly minted" key problems.  Since
> getting someone who is trusted to sign your key is a recognized method of
> getting people to believe you are who you say you are.

It depends on the circumstances where you expect to use your key.  Within
a small to medium circle of associates there may be some group members
who sign keys and are trusted by other members of the group.  There is
no particular reason for it to be difficult.  If you want a signature which
will be accepted by everyone in the U.S. you have a harder problem.

Hal






Thread