Timothy C. May writes
Alice pays Bob a unit of money, then quickly Alice spends that money before Bob can...Bob is then revealed as a "double spender," and his identity revealed to whomver wanted it...Alice, IRS, Gestapo, etc. A very broken idea.
Correctly implemented, with offline cash that grows in each transaction until cleared online, this should reveal Alice's identity, not Bob's If we fear double spending we insist on the spender presenting an expensive identity, an identity that would be tedious or costly to replace. The larger the amount, the stronger our concerns of identity. But the identity is known only to the parties to the transaction. (Who may be different tentacles of the same biological person.) The tentacle trick is what makes the existing identity based checks on Bermudan and Hong Kong banks effectively anonymous. If we do not like the identity, we ask for online clearance.
I want to elaborate on this, even though I think most of Hal's points are made with off-line clearing in mind. I want to make the case for why on-line clearing is the One True Digital Cash.
Quite so. And with a smooth interface between the truly anonymous online cash and the controlled nomity offline cash - an interface sufficiently smooth that the spender rarely notices which his software is using, we can have the best of both worlds. It is all in the software interface, something notoriously lacking from existing implementations.
Off-line systems may be useful for paying for movies, toll roads, etc., but there the protocols can be set up to limit exposure to fraud. (Ontological constraints, such as number of movie theater attendees, etc., will limit the losses. Scams will likely still exist, but the problem seems manageable with some work.)
Exactly so. Like the use of slugs in vending machines.
IS PROOF OF PHYSICAL IDENTITY NEEDED?
No, but for offline cash proof of an identity that would be expensive or tedious to replace is needed.
This situation is as old as time, and has always involved protcols in which trust, repeat business, etc., are factors. Or escrow agents.
Exactly so. We need varied kinds of digicash, for varied situations, and a smooth interface between them.
REAL ESCROW AND TRUE NYMS
Long before the "key escrow" of Clipper, true escrow was planned. Escrow as in escrow agents. Or bonding agents.
Alice and Bob want to conduct a transaction. Neither trusts the other; indeed, they are unknown to each other. In steps "Esther's Escrow Service." She is _also untraceable_, but has established a digitally-signed presence and a good reputation for fairness.
Exactly so:
I apologize if this essay, while long, is not quite long enough to capture the ideas I wanted to express. To me, these are core ideas.
Keep going, you mentioned, rather than explained, the problem of local and extended clearing. It seems to me, that rather than the one true protocol, we need a collection of standardized protocol tools and anybody and his dog can issue his own protocol for his own purpose, and the other guys computer can understand it and can give its master a list of options of what how the deal can go sour and who to finger if the deal goes sour in a particular way -- tell its master who the the master is trusting to pay and when. -- --------------------------------------------------------------------- We have the right to defend ourselves and our property, because of the kind of animals that we James A. Donald are. True law derives from this right, not from the arbitrary power of the omnipotent state. jamesd@netcom.com