Carl and I and others have been discussing whether the Web of Trust ought to use certificates to tie keys to people or attributes. It's taken a while to sink in, but I now think he's basically right :-) ; on the other hand, it can also still be done using the ugly X.509 format. This means that we can begin to go out and corrupt users who might otherwise want Driver's Licenses for the Infotainment Superhighway into realizing that the Net can give them _more_ privacy instead of less.

Alternatively, I can have First Security Bank open account 01732 for me and create a certificate binding my public key to that account number. Now, I can use that key to sign anonymous checks. (The bank knows me, perhaps, but the payee doesn't need to.)

Yeah. Consider a slightly-abused Distinguished Name for a checking or credit card. /Account=01732/Type=Checking/Org=FooBank/Country=com/ with key aaa signed /Title=Accountsigner/Org=FooBank/Country=com/ with key bbb signed /Title=MasterKey/Org=FooBank/Country=Com/ with key mmm signed /OU=Corporate/O=Verisign/Country=com/ with key vvv When you sign a check/credit card today, your name and signature are there as vague verification for the payee and bank that it's authentic; with digital signatures, the fact that you can sign a note saying "Pay $X to $Y Signed aaa" is all the verification they need, though the name business makes it easier for them to find what attributes the signer had and how to get the actual money... Even the account number could be the public key instead, but that's pretty long. (Credit cards may be a slight wrinkle, since there are lots of laws about them.) What the name also gives you is a handle to hang marketing data on. Sometimes, you may have that data from the transaction (card cccccc wanted 5 plutonium widgets sent to Resident, 1600 Penn.Ave, WashDC 20017), sometimes you've got less (card cccccc wants to receive results of a stock search at IP address 199.35.212.164, which is way less since that's just a Netcom port server :-) So a credit card or checking account with just an account number and key gives you _far_ more privacy than a current conventional one - even if it's not the full mathematically subpoena-proof privacy that Chaumian digicash could give. And if your bank wants to offer extra privacy, it can let you create sub-accounts - send a request for "Create Sub-account Key SSS Account AAA Parameters p1,p2,p3" signed aaa, and it sends you a new certificate /Account=NewUnique#/etc. with key SSS signed by bbb. So you can give everybody a different-looking check, at least if the cost is low. [> Key signing "I use this name" vs. names not being able to sign "I use this key"] I still think you often want both directions, especially for privacy. (For authentication, anybody who's got the attribute you want or claim will often do; for privacy, you really want to identify the _person_ you're talking to, so the attribute "where the _real_ Carl Ellison gets his mail" is important. Pseudonyms have an easier time of this, as long as they start using their keys at the same time as their names.) #--- # Thanks; Bill # Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #---