Re: Certificates/Anonymity/Policy/True Names
But this is precisely the issue: what does the *certificate* get any of these people that a simple digital signature does not provide?

On Sat, 19 Aug 1995, Rich Salz wrote:
> I think there are many people who might be willing to use an "anon CA" should it exist:
>   Whistleblowers, perhaps Deep Throat would have used email
>   People writing letters to the editor who don't want to trust the editor to withhold their info
>   People who desire anonymity yet don't want to trust the gov't to certify their communications as authentic/forged (Unabomber, Om Shin-rkyo)
>   Any number of writers who have used pseudonyms and now want to get paid in ecash; Mark Twain?

A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | mfroomki@umiami.ir.miami.edu
U. Miami School of Law |
P.O. Box 248087 | It's hot here. And humid.
Coral Gables, FL 33124 USA |
See http://www-swiss.ai.mit.edu/6095/articles/froomkin-metaphor/text.html and http://www.law.cornell.edu/jol/froomkin.htm

Hello Michael Froomkin <mfroomki@umiami.ir.miami.edu> and Rich Salz <rsalz@osf.org> and cypherpunks@toad.com

Original reason at end (after the reply).

> But this is precisely the issue: what does the *certificate* get any of these people that a simple digital signature does not provide?

Protection from spoofing.

> On Sat, 19 Aug 1995, Rich Salz wrote:
> I think there are many people who might be willing to use an "anon CA" should it exist: Whistleblowers, perhaps Deep Throat would have used email

Certification is needed to avoid another person intercepting, re-signing, and substituting hir own key.

> Any number of writers who have used pseudonyms and now want to get paid in ecash; Mark Twain?

Certification is needed to avoid another person diverting the ecash (a disputed unsigned key is practically useless). In fact a much simpler attack is denial-of-service: simply dispute the key (send another one to the keyservers), and let the resulting uncertainty cut off the profits.

Also, if you insist on govt-is-root, you need certified pseudonyms to set up a pseudonymous CA (i.e. a CA whose real identity is unknown).

Hope that makes sense...

Jiri
--
If you want an answer, please mail to <jirib@cs.monash.edu.au>. On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)

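Added example, not part of any message in this thread: a sketch of the point argued above, that a bare signature verifies against whatever key arrives with the message, while a CA signature over "pseudonym|key" binds the pseudonym to one key without a true name. It assumes toy textbook RSA built on fixed Mersenne primes (illustrative only, not secure), and the names Mallory, `certify` and `accept_*` are hypothetical.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def mersenne(k):
    return 2**k - 1  # prime for the exponents used below

def keypair(p, q):
    """Textbook RSA from two primes: returns (modulus n, private exponent d)."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(digest(data, n), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == digest(data, n)

# Constructed keys: the CA, the pseudonymous author, and an interceptor.
CA_N, CA_D = keypair(mersenne(521), mersenne(607))
AUTHOR_N, AUTHOR_D = keypair(mersenne(107), mersenne(127))
MALLORY_N, MALLORY_D = keypair(mersenne(61), mersenne(89))

def certify(pseudonym, n):
    """The CA signs the binding pseudonym -> key; no real identity is involved."""
    return sign(f"{pseudonym}|{n}".encode(), CA_N, CA_D)

def accept_bare(msg, sig, n):
    """Signature only: the verifier trusts whichever key came with the message."""
    return verify(msg, sig, n)

def accept_certified(pseudonym, msg, sig, n, cert):
    """The key must first be bound to the pseudonym by the CA, then the message checked."""
    return verify(f"{pseudonym}|{n}".encode(), cert, CA_N) and verify(msg, sig, n)

def demo():
    name = "Mark Twain"
    cert = certify(name, AUTHOR_N)
    msg = b"Pay royalties to account A"        # constructed sample message
    sig = sign(msg, AUTHOR_N, AUTHOR_D)
    forged = b"Pay royalties to account M"     # re-signed with a substituted key
    forged_sig = sign(forged, MALLORY_N, MALLORY_D)
    return {
        "bare_genuine": accept_bare(msg, sig, AUTHOR_N),
        "bare_substituted": accept_bare(forged, forged_sig, MALLORY_N),
        "cert_genuine": accept_certified(name, msg, sig, AUTHOR_N, cert),
        "cert_substituted": accept_certified(name, forged, forged_sig, MALLORY_N, cert),
    }
```
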
participants (3)
- Jiri Baum
- Michael Froomkin
- Rich Salz