At 02:38 PM 2/14/96 -0500, you wrote:

Suppose Alice is a CA who issues anonymous age credentials. Bob is 15 Carol is 25

Carol gets a legitimate anonymous age credential from Alice bound to an anonymous public key generated for this purpose. Carol then gives the key pair to Bob. Bob uses to do things only adults are legally permitted to do. (It's not bound to Carol's everday keypair because that's not anonymous....)

What can stop Bob and Carol from subverting a scheme that relies on anonymous age creditials in this manner?

If the answer is "nothing" this might mean that purveyors of "adult" material might have no defense against a law requiring that they collect a True Name + age creditential....

A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | U. Miami School of Law | froomkin@law.miami.edu P.O. Box 248087 | http://www.law.miami.edu/~froomkin Coral Gables, FL 33124 USA | It's warm here.

I believe the answer is nothing ... but the situation is no different than Carol going into Le Sexxey Shoppey, buying a porn-pack of restricted material, and then giving it to Bob. As has been said in this forum and others before, in the limit all access control comes down to positive identification of an individual. Unless We, the People, want to support permanently binding a traceable, non-anonymous identity to all certificate attributes that are used in electronic exchange (age, etc...) then there is going to be the potential for someone to deliberately allow their credential to be misused. IMO, to prevent this totally would require implanting a non-forgable i.d. chip in everyone at birth ..... not very appealing.