hal finney:
Chaum's system is complicated and requires a centralized agency which gives out all endorsement certificates, as well as an agency which validates pseudonyms. His system does allow for optional restrictions on nyms which, for example, would allow only one nym to be used in any given online forum. A user would not be able to control two different nyms in that place, although he could have different nyms in other parts of cyberspace. There might be some situations in which this duplication could be harmful (such as certain kinds of online voting systems) and Chaum's method does allow this restriction.
these identification systems ultimately fall back on `real world' identification systems such as birth certificates, social security numbers etc. which all can be readily subverted by a determined adversary. i wonder if in general, you `cpunks' feel that e.g. voting systems that restict pseudonymity (i.e., multiple votes by a single person) are `fair' or `judicious'.
The social problems of determining when writers should receive endorsements, how much credence to give to endorsements from unknown endorsers, how to appropriately display endorsements, and how to easily validate and verify endorsements proffered by others, are harder to solve.
what, specifically, is problematic about these? does chaum just ignore them? does he describe them in greater detail? as for `endorsements for unknown endorsers', it seems to me the reputation system you refer to is a sort of `reputation web' not unlike the pgp `web of trust' model. a pseudonymous credential has as much weight as the pseudonym originating the certification. i.e., if `a' signs `b's pseudonym, that `edge' in the `reputation graph' has as much weight as `a' has reputation. that is, it should not be possible to create a whole bunch of new pseudonyms, have them all sign each other, and then increase your reputation. this brings up an interesting idea. future cyberspatial citizens may develop an elaborate netiquette that describes how to maximize one's advantage through the use of pseudonyms. all kinds of strategies will ensue. is it better to have a few good pseudonyms, without diluting reputation, or a whole bunch of pseudonyms but a bit more diluted reputation? one of the problems with a positive reputation system is that it would workd for `d-type people' <g> whose reputation is primarily negative. a whole lot of people would like to put a negative credential on `d' so that they would limit his influence in all forums he visits, similar to the way that one could globally encourage someone else through `accreditation'. `d' would simply not propagate any negative signatures to his pseudonyms. could such a negative signature system be constructed? it seems possible with a centralized `trusted' server, but this is not an ideal solution; ideally one would like the system to be possible from the independent interactions of people who trust only themselves. this of course is the ideal cryptographic model, and the very best and finest algorithms (e.g. rsa) conform to it. the problem is similar to preventing double spending in a cash system. how do you enforce that a person `spends' a certain amount of information? there are no `laws of the conservation of information' as their are of e.g. mass as with a paper currency. in fact maybe the double-spending preventative techniques for cash systems could be translated to get a negative reputation and prevent people from not displaying credentials, even negative ones, they have accrued (just in the way people are forced to reveal if they are `printing money', i.e. spending spent money) personally i like chaum's emphasis (or recognition) that forums exist such that restricting pseudonymity in them is natural, fair, and rational, i.e. a desirable design goal. it seems to me that even beyond this, people should be able to construct forums where they demand (or comply, or agree, or whatever) that identity be known, or that it be totally ignored. given all this inquisitional witchhunting of my `true identity' (whatever the !@#$%^&* that is), obviously this forum is in the former category <g> what do you think, cpunks, should you have the right to ignore people regardless of the pseudonyms they use? again, i ask if it is possible to construct a system that protects anonymity but at the same time allows someone to filter all pseudonyms associated with another person. it seems that we have reached an impasse -- these are two very useful design criteria but they appear to be contradictory. on one hand we would like to censor all the `d-type' pseudonyms, but on the other hand we would want a `clean slate' for all of our own. it seems to me that is the purpose of developing a moral code or etiquette in cyberspace-- almost by definition that these codes apply to people who agree that an individual is ultimately responsible for their own actions, regardless of presence or lack of punishment, and agrees to a set of guidelines because s/he believes it constitutes civil behavior, not because `if i don't, i will get caught'. ideally we can develop moral codes where our algorithms fail us. or maybe not <g> pseudonymously yours, --tmp