Certificates/Anonymity/Policy/True Names
I have a question which is of course purely hypothetical.

Suppose you were designing the legal framework that would govern the operation of Certification Authorities (the people who issue certificates vouching for public keys used for digital signatures), called CAs for short. The CAs will operate in a hierarchical model (not a PGP-web-of-trust model), with a state agency being at the root, and issuing certificates for private CAs.

You have decided to allow the private CAs to issue certificates of varying degrees of corroboration so long as the degree of verification used is deducible from the certificate. E.g. a certificate might say "we check the passport"; or "we check driver's license" or "we took blood, hair, fingerprint, retinal scan and first-born child". It might even say "we checked nothing".

You have also decided that a CA may issue a certificate in the name of a pseudonym, so long as the CA retains information about the True Name.

Now the issue arises as to whether one should allow the CA to issue certificates to pseudonyms where it has *no record* of the real identity of the person proffering the key pair.

Is there any reason why a person would want such a certificate? In other words, given that the recipient of a digital signature will easily be able to check the value of the certificate (nil), won't the transaction/communication be in all ways identical to one where there was no certificate at all. So is anything of value lost by prohibiting such a certificate?

I understand, of course, that in a world where the CA has no duty to check the client's representations, there is a somewhat farcical element to this debate, but this hypothetical problem involves group decision making and groups find themselves debating irrational things.

A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | mfroomki@umiami.ir.miami.edu
U. Miami School of Law |
P.O. Box 248087 | It's hot here. And humid.
Coral Gables, FL 33124 USA |
See http://www-swiss.ai.mit.edu/6095/articles/froomkin-metaphor/text.html and http://www.law.cornell.edu/jol/froomkin.htm
| I have a question which is of course purely hypothetical.

[Description of a certificate with no backing deleted.]

| Is there any reason why a person would want such a certificate? In other
| words, given that the recipient of a digital signature will easily be
| able to check the value of the certificate (nil), won't the
| transaction/communication be in all ways identical to one where there was
| no certificate at all. So is anything of value lost by prohibiting such
| a certificate?

I'll turn the question around, and ask, is anything of value gained by prohibiting such a thing? If not, why not let people pay for worthless things, should people so desire? Does the Government have a duty to prevent us from wasting our time or money?

On another tack, I'll say, yes, there is something of value lost, and that is the easy creation of pseudonyms. Pseudonyms are useful for the creation of a persistent, although untraceable identity. Having those identities in the certification tree is, I suspect, as good a thing as the CA as a whole.

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume
On Fri, 18 Aug 1995, Adam Shostack wrote:
I'll turn the question around, and ask, is anything of value gained by prohibiting such a thing? If not, why not let people pay for worthless things, should people so desire?
Because you have to pick your fights. If nothing's lost, there are other fish to fry.

A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | mfroomki@umiami.ir.miami.edu
U. Miami School of Law |
P.O. Box 248087 | It's hot here. And humid.
Coral Gables, FL 33124 USA |
See http://www-swiss.ai.mit.edu/6095/articles/froomkin-metaphor/text.html and http://www.law.cornell.edu/jol/froomkin.htm
participants (2)
- adam@bwh.harvard.edu
- Michael Froomkin