I'm not convinced that your last point is true. It appears that the signed Bobnet-access-number is still just a transferrable ticket. Charlie can place an order with Bob, forward the Bobnet-access-number to Alice, wait for Alice & Trent to do the blinding & signing tango, forward the signed Bobnet- access-number to Bob, and get the goods from Bob.
Charlie can't use the signed Bobnet-access-number to prove to Trent that he's Alice. In fact, since it's unblinded, Charlie can't even prove that he's linked to a particular validation performed by Trent. (If Alice foolishly gave him the blinded version too, he could show that he shares Alice's knowledge about this validation.)
I'm not convinced that your last point is true. It appears that the signed Bobnet-access-number is still just a transferrable ticket. Charlie can place an order with Bob, forward the Bobnet-access-number to Alice, wait for Alice & Trent to do the blinding & signing tango, forward the signed Bobnet- access-number to Bob, and get the goods from Bob.
Yes and no. It is just a ticket, except that there are time constraints. If Alice doesn't respond in some reasonable time while the protocol is going on, Bob quits. (I didn't say that explicitly, my mistake.) Part of what I was trying to say, but didn't say well, is that Alice can *always* act as a proxy, ie., she can always get a file and give it to someone else. But Sam can't bust Bob if Alice gives the file away. He'll have to go after Alice. The whole point of the exercise is to convince Sam that Bob hasn't given away any files to minors or Europeans or whoever else Sam feels shouldn't have them. This puts a whole new spin on the situation, a different sort of attitude than we usually have when we're talking about crypto protocols. The entire ecash system has to have integrity. If someone figures out how to forge or double spend ecash, it doesn't do the bank any good to say, "We didn't do it, this person with an account did it." But we can't keep erotica out of the hands of minors, or home grown crypto out of the hands of Europeans. That means that from a certain point of the view, the system as a whole won't have integrity. But no system can have integrity, because Alice can always act as a proxy. The point is to set things up so that: 1. Alice can remain anonymous 2. Bob can keep Sam off his back 3. Sam has to admit that the system, imperfect as it is, is as good as other systems. (Alice can act as a proxy, but she could do that at a liquor store or a pornography shop also. If Alice had to give her ID, she could still give away the file.) The through the looking glass aspect of this is that from a practical standpoint, there's no real difference between Alice giving away her credentials and Alice acting as a proxy. But Sam foists the upon us the necessity of arguing what are almost semantic points. If Bob always gives the files to people Sam says are ok, then Bob won't go to jail. It is true that Alice could act as a beard for someone in the transaction, but in my opinion it's not unreasonable to claim that if she does she's acting as a proxy. The attacker still has to go to Alice and say, "give me this file", and Alice still has to agree and interact with Trent in the moment to make it work. Going back to the liquor store analogy, Alice can go into the liquor store with a kid, have the kid point to a bottle on the shelf, go to the register, and then buy it. But she can't give her ID away to the kid and let the kid go to the liquor store on his own. Either way the kid gets drunk, but if Alice can't give away her ID, Bob won't have to worry about losing his license. Alice, of course, has to watch out for Sam.
3. is OK as long as Alice trusts Trent. The trick is selecting a Trent trusted by both Alice and Sam ;)
Very true.
-Futplex <futplex@pseudonym.com>