Re: Anonymous Auth Certificates [was: Re: Blinded Identities]
From: azur@netcom.com (Steve Schear)
It seems that one crux of the problem revolves around the CA and its method of certificate issuance. A CA which uses biometric data to reduce/eliminate the chance that an applicant could get several, unrelated, certificates issued would provide a basis for negative authentication (similar to a negative credit file).
Yes, biometric data is another way of preventing multiple credentials. However it will not work well in electronic form. What you'd need would be a network of stations to take fingerprints and give credentials ("is a person" credentials) which would then be used for getting access to other services where you're supposed to only use them once (voting for example). This requires a fairly elaborate infrastructure and social commitment to this solution to the problem. Somehow too it is hard to see how to sell a system as a privacy enhancement when its first step is to take fingerprints of the whole country. "But we're not saving your names, honest!" I don't know if it would fly.

Tim May argues that alternative solutions which are more local will be better. In the case of the abuse situation, maybe you could just have people put down a deposit of $100 or so. Then they get an anonymous credential which they can use for access. If they abuse their access, their credential gets disabled. As long as their abuse is worth less than the deposit you'll be OK. And at any point they can turn in their valid credential and get their money back. No identities are needed at any point in the scheme.
A one-way function performed, by the client, on their certificate from this CA would yield a token which unambiguously binds it to a valid certificate of the CA (and therefore uniquely identifies them) w/o revealing the certificate itself.
Actually I think you need to use a blinding protocol when you acquire the certificate, rather than trying to run a one-way function on the unblinded cert. The output of a one-way function looks random and meaningless unless you supply the input. And if the input identifies the user then you've lost the anonymity.

Hal
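Added example, not part of the original thread or any poster's code: a sketch of the deposit-backed anonymous credential described in the message above, using textbook RSA blind signing (an assumption; the thread names no specific blinding protocol) so the issuer signs a serial it never sees. The `Issuer` class, the `blind`/`unblind` helpers, the toy key and the serial format are all constructed for illustration.

```python
import hashlib
import secrets
from math import gcd

# Toy RSA key from two Mersenne primes (assumed, demonstration size only).
P, Q = 2**61 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # issuer's private exponent

def h(token: bytes) -> int:
    """Hash a credential serial into the RSA group (unpadded, textbook)."""
    return int.from_bytes(hashlib.sha256(token).digest(), "big") % N

class Issuer:
    DEPOSIT = 100
    def __init__(self):
        self.escrow = 0      # deposits currently held
        self.dead = set()    # serials revoked for abuse or already refunded

    def issue(self, payment: int, blinded: int) -> int:
        """Sign a blinded value against a deposit; the serial is never seen."""
        if payment != self.DEPOSIT:
            raise ValueError("deposit required")
        self.escrow += payment
        return pow(blinded, D, N)

    def valid(self, token: bytes, sig: int) -> bool:
        return token not in self.dead and pow(sig, E, N) == h(token)

    def revoke(self, token: bytes, sig: int) -> None:
        """Abuse reported: disable the credential; the deposit stays forfeited."""
        if self.valid(token, sig):
            self.dead.add(token)

    def redeem(self, token: bytes, sig: int) -> int:
        """Refund the deposit for a still-valid credential, exactly once."""
        if not self.valid(token, sig):
            return 0
        self.dead.add(token)
        self.escrow -= self.DEPOSIT
        return self.DEPOSIT

def blind(token: bytes):
    """Client side: hide H(token) behind a random factor r coprime to N."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (h(token) * pow(r, E, N)) % N, r

def unblind(blind_sig: int, r: int) -> int:
    """Client side: strip r to obtain an ordinary signature on H(token)."""
    return (blind_sig * pow(r, -1, N)) % N
```

The issuer's `dead` set only ever holds serials it learns at revocation or refund time, and nothing it saw in `issue` lets it link those serials back to a particular deposit.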
At 10:33 AM -0800 10/18/96, Timothy C. May wrote:
Indeed, I believe "identity is just another credential," not necessarily very important. I sometimes exaggerate this point a bit by saying, "Your key is your identity." Carl Ellison made a similar point, yesterday.
(By "identity" I mean the popular notion of unique, biometric, True Name identity. Other forms of identity exist as well, such as usernames (bound to passwords), phone numbers, corporate names, etc.)
Sorry. By inserting the parenthetical clarification of what I meant by "identity," I may have confused things. The "identity" as unique, biometric, True Name form is much different from the "your identity is your key" form. While some deep philosophical issues are no doubt involved, all I mean is that there are different operational definitions.

And I have had almost no need to verify the physical identity of anyone I have ever dealt with, which tells me something. (Nor does anyone I know ever ask me for proof that I am Tim May, and not someone else. Occasionally I am asked to flash my California Driver's License, but that's about it. Much more important is that I have certain credentials--tickets to theaters, an admission card to my health club, etc.)

Physical identity just ain't what it's cracked up to be.

--Tim May

"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM that the National Security Agency would try to twist their technology." [NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
At 8:20 AM -0700 10/18/96, Hal Finney wrote:
Somehow too it is hard to see how to sell a system as a privacy enhancement when its first step is to take fingerprints of the whole country. "But we're not saving your names, honest!" I don't know if it would fly.
Tim May argues that alternative solutions which are more local will be better. In the case of the abuse situation, maybe you could just have ...
Indeed, I believe "identity is just another credential," not necessarily very important. I sometimes exaggerate this point a bit by saying, "Your key is your identity." Carl Ellison made a similar point, yesterday.

(By "identity" I mean the popular notion of unique, biometric, True Name identity. Other forms of identity exist as well, such as usernames (bound to passwords), phone numbers, corporate names, etc.)

Identity--the True Name sort--is sometimes useful, but is often given exaggerated importance. For example, I've met "Hal Finney," but, for all I know, he's as fictional a person as "Lucky Green" is. In fact, it was not until fairly recently that I even learned "Lucky Green" is not his True Name...I had assumed the "Lucky" part was a nickname, of course, but that the "Green" part was real. I had no reason to suspect otherwise, no need to demand proof of his True Name (such as things are here in the U.S.), etc.

The "is-a-person" debate is one we should be careful to consider the real issues for. As Hal (or whoever he is) notes, starting with a comprehensive data base of True Names, fingerprints, etc., and binding them to is-a-person credentials is potentially very dangerous. (And from a libertarian/anarchist point of view, I don't want to pay for such a Big Brother infrastructure, nor do I think it gets at the real issues. If identity is just another credential, and the exchange of credentials is based on mutually agreed-upon arrangements, then mandating an identity credential is a Bad Thing.)

--Tim May