transaction bull***t] [Moderator's note: this is getting a bit off topic, and I'd prefer to limit followups. --Perry] On Wed, 2009-08-19 at 06:23 +1000, James A. Donald wrote:

Ray Dillinger wrote:

...

If there is not an existing relationship (first time someone uses an e-tailer) then there has to be a key depository that both can authenticate to, with a token authorizing their authentication to authenticate them to the other, which then vouches to each for the identity of the other.

Actually not.

What the seller wants to know is that the buyer's money is good, not what the true name of the buyer is - a service provided by Visa, or Web-money, or some such.

No. This juvenile fantasy is complete and utter nonsense, and I've heard people repeating it to each other far too often. If you repeat it to each other too often you run the risk of starting to believe it, and it will only get you in trouble. This is a world that has not just cryptographic protocols but also laws and rules and a society into which those protocols must fit. That stuff doesn't all go away just because some fantasy-world conception of the future of commerce as unlinkable anonymous transactions says it should. In any transaction involving physical goods, the seller also wants to know to whom to ship the product. Since the laws in most nations do not require the recipient of an erroneous shipment to return the goods and *do* require the seller to give back the buyer's money if the shipment doesn't go where the buyer wants it, sellers really care that the correct recipient will receive the package and really need some way to contact the buyer in case there's a mistake about the recipient address or identity. Otherwise you'd get people playing silly buggers with the shipping address to get out of paying for million-dollar equipment. The law usually requires that the recipient of defective goods or services has the ability to return those goods for a refund or obtain a refund in the event of seller nonperformance of services or nonshipment of goods. Since such returns can be used to launder money from illegal enterprises, laws usually restrict anonymous returns. Therefore the seller needs the buyer's (or client's) identity in order to comply with the law. In information-based transactions involving IP that's subject to copyright or trade secret protection (which is effectively all of them since other IP can be had for free) the seller also wants to know who is the licensee that's bound by the terms of the license and who now poses a "risk" of copyright breakage. In both cases this is a liability taken on by the buyer, and not something that his "money being good" for just the transaction price can ameliorate. In financial transactions The seller also wants to know that s/he can comply with, eg, "know your customer" laws and avoid liability for gross negligence in, eg, money laundering cases. In many transactions the seller wants the buyer's identity and a liability waiver signed by the buyer so as to keep track of or avoid liability for what the customer is going to do with his/her products. Most sellers want the ability to offer the buyer credit terms, especially when large sums are involved. And even where money is supposedly firm (like the money Bernie Madoff's clients had in their accounts) it is subject to catastrophic vanishment in extraordinary circumstances. The seller needs to know whom to sue or at least whose name to put on the forms for their insurance claim if contrary to expectations the buyer's money turns out not to be good. If the cert authority does not provide the identity of the buyer but asserts that the buyer's money is good, and this turns out not to be true (as in the case of Madoff's clients), then in most legal systems the cert authority is either liable, or can expect to be sued in a very expensive empirical test of liability. So the cert authority doesn't want to be in the business of vouching for the ability of anonymous people to pay. The only way for the money to be truly firm for these purposes is that the cert authority has it in escrow. This makes the cert authority a financial institution and therefore subject to "know your customer" mandatory reporting, data retention laws, subpeonas, and so on. Also, it introduces a needless delay and complication to the transaction that legitimate buyers and sellers would mostly rather not have. Also, in any large transaction the seller or cert authority or both must retain buyer identity information in order to be able to comply with subpeonas, inquests, or equivalent writs, for periods ranging from zero in a few undeveloped african nations to five years in much of the rest of the world. In most of the nations on earth, there is such a thing as sales tax or use tax on goods or services, and any transaction involving more than a tiny sum must be reported (with the names of buyer and seller) to relevant tax authorities. Even tiny transactions must be reported in aggregate, although these usually don't require the buyers' names. Since the seller has the legal obligation to report, s/he also has the legal obligation to collect identity information from his/her clients. Most nations are very sensitive about cross-border money flows, have tax laws that apply specifically to international transactions, and want to know such things as the buyer and seller identity. In this case it is the legal obligation of both buyer and seller in international transactions to collect whatever information their particular nation requires them to have and report it according to their particular nation's laws. And so on. Maybe in a cypherpunk world where there are no laws other than the natural laws of mathematics, no physical world in which goods have to be manufactured and delivered, no national borders or third parties having a tax or legal interest in transactions, no information other than valuable secrets subject to no post-sale copyrights or licensing, no liability laws or customers-rights laws whatsoever, no taxation, and a bunch of other bizarro-world conditions, the seller would not need anything more than the knowledge that the buyer's money was good. But that's like proving that a pig can fly starting from an assumption of an ideal, spherical pig of zero mass. It is not the world in which we live, unless we are black-marketeers in international waters, not subject to the laws of any nation. If you make it "optional" - where people can request a true name etc when they need it to comply with law, but don't have to request it otherwise - you will find that the number of sellers willing to do business with anonymous buyers, and the number of transactions in which they legally can do business with anonymous buyers, starts low and then drops rapidly as legal troubles and scams of various kinds, as well as new laws designed to prevent those troubles and scams, catch up to the sellers. Anyway, nothing's preventing you from building your "unlinkable" cert system to compete with other forms of commerce. But in the presence of any other system whatsoever, I expect almost no one to use it and predict that using it or running services that allow people to use it will rapidly become illegal in all developed nations.

Again, you are trying to inject a certificate authority into the middle of a relationship where it is just not very useful.

Perhaps there are other ways to achieve all of the requirements for a system that people can use while complying with applicable laws. I cannot think of a simpler or more useful one.

Ebay does not care about true names.

Aside from being irrelevant because ebay does not function as a buyer or seller, and only minimally as a cert authority in their client's auctions (in particular they do NOT vouch for anyone's ability to pay), this is blatantly false. Ebay cares about true names, and linkable information such as bank account numbers. Without them it won't let you use its payment system. Also, try funding an ebay seller's account using just cash somehow and tell me how it goes. It used to be possible but it's been several years since the law bounced on ebay for allowing that and commanded them to collect true name information from all sellers. Also remember ebay has to collect its fee from somebody and until the auction's conclusion doesn't know how large that fee is going to be. They insist on knowing who that somebody is. Bear --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com