Hello Michael Froomkin <mfroomki@umiami.ir.miami.edu> and Rich Salz <rsalz@osf.org> and cypherpunks@toad.com

Original reason at end (after the reply).
But this is precisely the issue: what does the *certificate* get any of these people that a simple digital signature does not provide?
Protection from spoofing.
On Sat, 19 Aug 1995, Rich Salz wrote:
I think there are many people who might be willing to use an "anon CA" should it exist: Whistleblowers, perhaps Deep Throat would have used email
Certification is needed to avoid another person intercepting, re-signing, and substituting hir own key.
Any number of writers who have used pseudonyms and now want to get paid in ecash; Mark Twain?
Certification is needed to avoid another person diverting the ecash (a disputed unsigned key practically useless). In fact a much simpler attack is denial-of-service: simply dispute the key (send another one to the keyservers), and let the resulting uncertainty cut off the profits.

Also, if you insist on govt-is-root, you need certified pseudonyms to set up a pseudonymous CA (ie a CA whose real identity is unknown).

Hope that makes sense...

Jiri
--
If you want an answer, please mail to <jirib@cs.monash.edu.au>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)
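Added example, not part of the original message: a Go sketch of the difference the reply describes between a bare signature and a CA-certified pseudonym key. The `Cert` layout, the function names, the pseudonym and the message are all constructed for illustration, and Ed25519 stands in for whatever signature scheme would actually be used.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// Cert binds a pseudonym to a public key under a CA signature (hypothetical minimal layout).
type Cert struct { Name string; Key ed25519.PublicKey; Sig []byte }

// binding is the byte string the CA signs: name, separator, key.
func binding(name string, key ed25519.PublicKey) []byte {
	return append([]byte(name+"\x00"), key...)
}

// Issue has the CA sign the name-to-key binding.
func Issue(ca ed25519.PrivateKey, name string, key ed25519.PublicKey) Cert {
	return Cert{name, key, ed25519.Sign(ca, binding(name, key))}
}

// VerifyBare checks a signature against whatever key arrived with the message.
func VerifyBare(key ed25519.PublicKey, msg, sig []byte) bool {
	return ed25519.Verify(key, msg, sig)
}

// VerifyCertified also requires the CA's signature over the expected name and the key.
func VerifyCertified(caPub ed25519.PublicKey, name string, c Cert, msg, sig []byte) bool {
	return c.Name == name &&
		ed25519.Verify(caPub, binding(c.Name, c.Key), c.Sig) &&
		ed25519.Verify(c.Key, msg, sig)
}

// Demo returns: bare/original, bare/substituted, certified/original, certified/substituted.
func Demo() [4]bool {
	caPub, caPriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	authorPub, authorPriv, _ := ed25519.GenerateKey(nil)
	otherPub, otherPriv, _ := ed25519.GenerateKey(nil) // a second party's key
	msg, name := []byte("constructed sample message"), "constructed-pseudonym"
	cert := Issue(caPriv, name, authorPub)
	sig := ed25519.Sign(authorPriv, msg)
	resig := ed25519.Sign(otherPriv, msg)  // same message re-signed under the other key
	forged := Cert{name, otherPub, cert.Sig} // CA signature does not cover otherPub
	return [4]bool{VerifyBare(authorPub, msg, sig), VerifyBare(otherPub, msg, resig),
		VerifyCertified(caPub, name, cert, msg, sig), VerifyCertified(caPub, name, forged, msg, resig)}
}

func main() { fmt.Println(Demo()) }
```

With a bare signature the re-signed copy verifies exactly as well as the original, so a recipient cannot tell the two keys apart; with the certificate check only the key the CA bound to the pseudonym is accepted.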