a lot of financial institutions went to certificates/credentials that only contained an account number .... nothing else ... largely because of the huge privacy exposure of any kind of identity certificate (everything about you embedded in a certificate that is attached ... frequently totally in the clear ... or at least at the end-points on every transaction .... including intermediary points like merchants). It was then possible to show (at least in the financial transaction & relying-party-only certificates) that such certificates could easily be compressed to zero bytes.

http://www.garlic.com/~lynn/index.html#aads

in the online financial transaction case, the merchant is interested in the bank saying that the merchant gets the money ..... your identity isn't necessary for that ... and in fact, the EU directive of making point-of-sale transactions as anonymous as cash would also lead in that direction. First step is removing your name from the piece of plastic, then if the "plastic" credential doesn't have any identity .... why should there be a certificate at all.

remail@aarg.net on 8/5/2002 6:25 pm wrote

Adam Back writes:
To address privacy with for example Brands digital credentials, the underlying cryptography may be harder to understand, or at least less familiar, but I don't think using a toolkit based on Brands digital credentials would be significantly harder than using an identity or attribute based PKI toolkit. Similar for Chaum's credentials or other approach.
Sure, but how many pages would it take in the spec to describe the protocol? Especially given their turgid technical-writer prose? Brands took a whole book to describe his credentials thoroughly.

In any case, I agree that something like this would be an excellent enhancement to the technology. IMO it is very much in the spirit of TCPA. I suspect they would be very open to this suggestion.
participants (1): lynn.wheeler@firstdata.com