Authentication vs encryption: CPs on the web
Amanda Walker
amanda at intercon.com
Tue Dec 13 13:46:08 PST 1994
> I notice that the people who come to this topic from an
> institutional point of view tend to be more interested in
> the authentication aspects.
> This seems to fit better into the control-oriented mindset.
> With authentication you can track what people are doing
> better; non-repudiable signatures could actually work in some ways
> against the signer. I think that may be one reason Phil Zimmermann
> is famous for not signing his messages. :-) But encryption can
> actually work against institutional interests (compared to individual
> ones) by making it harder to keep track of people's activities.
Very much agreed. This is why, in my description of the rough criteria I sent
out, I included mention of self-signed certificates (which only show that you
do in fact have the private key corresponding to a given public key), bare
keys, and so on.
There clearly needs to be facilities for encrypted anonymous use. To expand
on my example of wanting sales literature to be signed so I know it's genuine,
I correspondingly *don't* want to include a certificate with identifying
information in my own query--I get enough junk mail already, and I don't want
vendors to be able to capture market research at the browsing level (I haven't
looked at WIRED's server for precisely this reason).
Amanda Walker
InterCon Systems Corporation
More information about the cypherpunks-legacy
mailing list