Re: Certificates/Anonymity/Policy/True Names
Date: Fri, 18 Aug 1995 14:47:55 -0400 (EDT) From: Michael Froomkin <mfroomki@umiami.ir.miami.edu>
You have decided to allow the private CAs to issue certificates of varying degrees of corroberation so long as the degree of verification used is deducible from the certificate. E.g. a certificate might say "we check the passport"; or "we check driver's license" or "we took blood, hair, fingprint, retinal scan and first-born child". It might even say "we checked nothing". You have also decided that a CA may issue a certificate in the name of a pseudonym, so long as the CA retains information about the True Name. Now the issue arises as to whether one should allow the CA to issue certificates to pseudonyms where it has *no record* of the real identity of the person proffering the key pair.
Is there any reason why a person would want such a certificate?
I see several reasons, but I don't see a reason for a CA in this case. The key being signed can serve in place of the CA's key. That is, the key can be self-signed. All that needs to be proved in this case is that someone owns the private key which goes with the public key. As for what good that key is -- Prior to our meeting in person this year, all you knew about me was by my postings. If I had signed all of them with the same self-signed key, then you would know that all of those postings came from one "person" (the set of people, presumably only one person, with access to the private key). The postings define the person, in your mind, and you are absolutely certain that they came from that person (defined as I did above). You don't need any further certification to attest to that fact. No economic impact, you say? My postings could have been S/W. You could have tried my S/W and liked it -- hiring me to do work for you privately. In all this process, we need never meet. If we don't meet, it doesn't matter what my blood type is or if I have a driver's license or a passport. I could even be a small, silver-skinned alien who is perpetually in hiding. No money transfer, you say? Wells Fargo bank (an innovator) could initiate public-key bank accounts. I would open the account by sending them a self-signed public key. They would use that key as my bank account number. Anyone would be allowed to deposit money into that account (e.g., using CyberCash transfers). Only I, the person holding the private key, would be permitted to transfer funds out. Again, in the Internet, nobody knows you're a dog-faced alien sea creature. - Carl
-----BEGIN PGP SIGNED MESSAGE-----
As for what good that key is --
<snip>
No economic impact, you say?
<snip>
No money transfer, you say?
<snip>
Again, in the Internet, nobody knows you're a dog-faced alien sea creature.
Thank you for posting that. I've been increasingly frustrated with people who assume that they have some need for a one-to-one 'nym<->Real-Life-human-body mapping. I would have been posting on this topic myself, but I am busy. Thanks again, and I hope you go ahead and start PGP-clearsigning your posts so that my high opinion of you can become more firmly fixed. :-) Regards, Bryce -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed with Bryce's Auto-PGP v1.0beta iQCVAwUBMDjWw/WZSllhfG25AQFK/AQArnre8FU4fs/w93xHy7MgE0pjbHpSrvmw U2flrQcbr+erwgzzNaFjgM5th2vScgTmLXWkg4IAmLpUM7pz4aVZM/5mj9Pg6T8J fQS1DK7Lt6oAEqzqWjW/7xM1dxIyZkwyjJmO45TnqbBFjUjguqZ39QDacDhywhgr uCErN4fwQ1o= =096y -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Date: Mon, 21 Aug 1995 12:56:21 -0600 From: Bryce Wilcox <wilcoxb@nagina.cs.colorado.edu>
Thanks again, and I hope you go ahead and start PGP-clearsigning your posts
Yes, I've been remiss. It's an old belief -- that signing is expensive. Now that I'm using emacs extensions and RMAIL, it's really easy -- but I still follow the old habit. We really need mailers with auto-cryptography! (as easy as in Lotus Notes) - Carl +--------------------------------------------------------------------------+ |Carl M. Ellison cme@acm.org http://www.clark.net/pub/cme/home.html | |PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2 | | ``Officer, officer, arrest that man! He's whistling a dirty song.'' | +----------------------------------------------------------- Jean Ellison -+ -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMDjcS1QXJENzYr45AQEgAwP/RWusaK/C4bcFVaSGRa6WXrrfJMAeeVXL s5E221rx3POtKr6Nq+TZnlFs5uaian8u1XvCCApYEIPdYAcWIUtJJAp5soLhOyi7 ceF8slVJisYyexj1Zo5qHoOV+ajg/YZeRxL72ofQXF4gdsSbGUp4B6nE/ncRp2S+ nnKZyutOo4A= =b09P -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
Thanks again, and I hope you go ahead and start PGP-clearsigning your posts
Yes, I've been remiss. It's an old belief -- that signing is expensive. Now that I'm using emacs extensions and RMAIL, it's really easy -- but I still follow the old habit.
We really need mailers with auto-cryptography! (as easy as in Lotus Notes)
I have a pretty easy-to-use set-up... Not to seem picky or anything, but now that I have a clearsigned message from you, I need your public key in order to verify it. :-) Regards, Bryce -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed with Bryce's Auto-PGP v1.0beta iQCVAwUBMDk1evWZSllhfG25AQGEVgP9HKxRWdvroE1KdMUEI7zAogwVpeViLaL0 v2Al/lJQIjqiUKFASFuFw6zfR/5d3myL3mhJ0b7Yb/mu2u4wj2zIrmui+8h8qBmw +L2GoeJFnOVrkX32Dt9uZ6ckS66hbSDkYQ6rVY2dTii8lszPjEC7f6gE7/fl8Ky0 zC/f2+pUUko= =Q0tW -----END PGP SIGNATURE-----
-----BEGIN PGP SIGNED MESSAGE-----
"wilcoxb" == Bryce Wilcox <wilcoxb@nagina.cs.colorado.edu> writes:
Yes, I've been remiss. It's an old belief -- that signing is expensive. Now that I'm using emacs extensions and RMAIL, it's really easy -- but I still follow the old habit.
wilcoxb> I have a pretty easy-to-use set-up... Probably not as easy as Carl's. wilcoxb> Not to seem picky or anything, but now that I have a wilcoxb> clearsigned message from you, I need your public key in wilcoxb> order to verify it. :-) Assuming Carl is using Mailcrypt under Emacs (as he suggests above), then he doesn't have the same problem. When the signature fails to verify for lack of a key, Mailcrypt will parse the PGP output and offer to fetch the needed key automatically (and instantly) via HTTP to the keyservers. But then, Emacs only runs on "ghettoized" operating systems like Unix, VMS, OS/2, and Windows 95... -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Processed by Mailcrypt 3.3, an Emacs/PGP interface iQCVAwUBMDnljnr7ES8bepftAQEFLwP/b9TE5QphAhJl1PyhdAsbyE3Vx58TuwGD dAJf2fpThN9wYgQ3b0K+QxYbLVcQTbof5v8/AvYyM32JrsEzRQXZmjguoOT0BnLz gjxTS5qLhOmcOhbUc6G3iEPQTuusWU59PPqp1TYPkZ0zVopDvPjay2O60whl4t/a bARjHknf+es= =bAX+ -----END PGP SIGNATURE-----
participants (3)
-
Bryce Wilcox -
Carl Ellison -
Patrick J. LoPresti