This is a VERY positive idea! At 3:54 PM 12/6/95, Peter Trei wrote:

Actually, I've been thinking about this quite a bit recently. I'm building an SSL enabled server, and clent-side authentication may provide some help. I could see a user getting his or her public key certificate signed with different CA keys which assert any number of conditions, such as:

Key holder was born before (some particular date). Key holder has access to sales data for XYZ corp. Key holder is an adult who takes the first amendment seriously.

... and the server would recognize different CA signatures as permitting different levels of access.

This is something that could get two things done: 1. Protect ISPs and Web sites from claims they aren't taking any steps to block children. (I won't get into the "children should be allowed to appreciate the beauty of the human body" issue, just noting that an ISP or Web site could deny access to account holders under 18, or over 30, or whatever he wants to do.) 2. Get wider currency for the concept of digitally signed credentials, especially if these are _blinded credentials_, where the credential is for an age, say, and not an identity. (Standard Chaumian stuff, though likely to be nontrivial to implement.)

If your browser permitted you to select the key certificate used in setting up the encrypted link (and different certs or sets of certs could be protected with different passphrases), then Mom or Dad could use their I-am-an-adult credential to read www.xxx.com, while Junior could not. There *is* a loss of anonymity in this scheme, however.

There may be ways around the loss of anonymity. Ideally, with blinded credentials, But in the short term, through Web proxies and/or servers. For example, Sameer's c2.org could issue accounts to people who can prove they are over 18 (notarized copies of birth certif., passport, etc.). Sameer's system would then have a credential saying "this account name is over 18." (There is of course little that can be done about people who lend their accounts to minors, absent any effective biometric security measures. No current system, certainly not Exon-Coates, can deal with this.)

I realize that digital credentials are old hat on this list. The point I am making is that the pieces for doing this are here - we just need to assemble them.

(This is not to suggest that I am in favor of Exon/Coates in any way - I am not. )

I think this could be quite a good project, provided it is not trying to be all things to all people. --Tim May Views here are not the views of my Internet Service Provider or Government. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway."