Alex Strasheim writes: [discussion and assumptions liberally elided]
1. Alice initiates a transaction with Bob. (Perhaps by asking him for a file.)
2. Bob generates a random number and sends it back to Alice.
3. Alice blinds Bob's number and sends it to Trent, along with proof of her validatability.
4. Trent checks Alice's proof, signs the blinded number, and then returns it to Alice.
5. Alice unblinds Bob's number, then sends it to Bob.
6. Bob checks Trent's signature and makes sure that the number he received matches the one he sent out. Then Bob processes Alice's transaction.
If Bob always follows this protocol, he can prove to Sam that he's followed the law. Alice remains anonymous. Alice can still transfer the file, but she has to give it away herself: she can't give away the ability to get it directly from Bob without giving away the ability to prove Aliceness to Trent.
I'm not convinced that your last point is true. It appears that the signed Bobnet-access-number is still just a transferable ticket. Charlie can place an order with Bob, forward the Bobnet-access-number to Alice, wait for Alice & Trent to do the blinding & signing tango, forward the signed Bobnet-access-number to Bob, and get the goods from Bob. Charlie can't use the signed Bobnet-access-number to prove to Trent that he's Alice. In fact, since it's unblinded, Charlie can't even prove that he's linked to a particular validation performed by Trent. (If Alice foolishly gave him the blinded version too, he could show that he shares Alice's knowledge about this validation.) [...]
The main problems that I can see with this protocol are:
1. It's vulnerable to traffic analysis.
2. Sam has to trust Trent, which he may be unwilling to do.
3. You can infer stuff about Alice from the kinds of requests she makes of Trent. Someone who always asks Trent for proof that he's not a felon might tag himself as a person who buys a lot of guns or ammunition, for example.
3. is OK as long as Alice trusts Trent. The trick is selecting a Trent trusted by both Alice and Sam ;)

-Futplex <futplex@pseudonym.com>
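The six-step exchange and the relay objection raised in the reply, as an added example that is not part of the original message. It uses textbook RSA blinding with a toy key constructed from two Mersenne primes; the class and function names are assumptions, and Alice's proof to Trent is reduced to a boolean.

```python
import secrets
from math import gcd

# Trent's toy RSA key (constructed from two Mersenne primes; demo only).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

class Bob:
    def __init__(self):
        self.pending = {}                        # requester -> outstanding number
    def challenge(self, requester):              # step 2
        self.pending[requester] = secrets.randbelow(N - 2) + 2
        return self.pending[requester]
    def process(self, requester, number, sig):   # step 6
        sent = self.pending.pop(requester, None)
        return sent == number and pow(sig, E, N) == number

class Trent:
    def __init__(self):
        self.seen = []                           # everything Trent observes
    def sign(self, blinded, proof_ok):           # step 4
        if not proof_ok:
            raise PermissionError("validation failed")
        self.seen.append(blinded)
        return pow(blinded, D, N)

def alice_get_signature(number, trent):          # steps 3-5
    while True:
        r = secrets.randbelow(N - 2) + 2         # blinding factor
        if gcd(r, N) == 1:
            break
    signed_blinded = trent.sign(number * pow(r, E, N) % N, proof_ok=True)
    return signed_blinded * pow(r, -1, N) % N    # unblind

def demo():
    bob, trent = Bob(), Trent()
    # Direct run: Alice is the requester.
    n1 = bob.challenge("alice")
    direct = bob.process("alice", n1, alice_get_signature(n1, trent))
    # Relayed run: Charlie is the requester; Alice only performs steps 3-5.
    n2 = bob.challenge("charlie")
    relayed = bob.process("charlie", n2, alice_get_signature(n2, trent))
    # Trent never sees either of Bob's numbers, only blinded values.
    unlinkable = n1 not in trent.seen and n2 not in trent.seen
    return direct, relayed, unlinkable

if __name__ == "__main__":
    print(demo())
```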