My second posting crossed in the mail with Eric's notes. At 9:09 AM 1/29/95, Eric Hughes wrote:

From: norm@netcom.com (Norman Hardy) ....

The hat check is signed blindly by the bank and is a bearer instrument.

There's no need to have it signed blind. A blind signature is useful when two parties have some persistent relationship with the intermediary; when they don't have identity, there's no need for blinding. .... We therefore conclude that there's no need for a blind signature here at all.

Yes, I was confused. jpp@markv.com had yet other valid objections. ....

Cancel a hat check: A holder of a hat check may sell it back to the bank at a negotiated price thus releasing the bank from the threat of paying a penalty in the future.

This cancellation can't be done well. Remember that the parties are remaining anonymous to the data bank. In order to release the data bank of an obligation, some party would have to make some signed statement releasing the data bank from the obligation. But making a signature reveals identity, perforce.

I have a novel sense of cancelation in mind. The check is canceled by the mere fact that the bank knows the Secret that produced the SH(Secret) in the check. The bank need not acquire or maintain a signed check revocation. This is sort of like Chaum's spent bills. This requires the client to trust the bank during the penalty transaction or to require escrow service. I have modified the original to describe this better.

Furthermore the retrieval note is a bearer instrument, but it's a _digital_ bearer instrument, which means you can't simply give the note back to the data bank. There's no piece of paper to return. Once the note is out there, it's out there forever. There can be lots and lots of bearers. Which one of them gets to release the data bank of its obligation?

.... Any bearer. Just as any bearer of a Chaum bill can spend it. Only he who spends it first, can spend it. Disseminate your hat checks carefully. That is another reason that Getty, in the example, holds the hat check carefully. ....

The hat check may specify expiration dates, cancellation terms etc.

The retrieval note very well should specify an expiration date, since otherwise the data bank has specified an obligation in perpetuity. A perpetual obligation is much less stable than a fixed-time one. The value to the data bank of disappearance grows larger as the cost of storing the data increases. No new external revenue is coming in (by definition -- otherwise you've got a renewable agreement, which is different) and all you've got is costs. So there becomes little reason not to simply abscond with the assets and deny any outstanding obligations.

A customer, therefore, would be wise not to deal with a data bank which signed perpetual obligations. If a customer wants indefinitely long storage, the best way to do this is with a set of interlocking obligations with mutually ignorant parties. .... Good points. I anticipate more complex broker services here.

I like the idea of a penalty for delay in retrieving the data aside from penalty for loosing the data. This may be strategic in the bank's arranging for the storage and retrieval from other sites and banks. Thanks. I will try to produce an emmended version thru ftp soon.