Anonymity vs reputation question

Major Variola (ret) mv at cdc.gov
Mon Apr 19 09:41:30 PDT 2004


At 05:57 AM 4/19/04 -0400, An Metet wrote:
>> Is it possible to have a system where nyms can share reputation
without
>> divulging the links between them? That would allow the possibility of
eg.
>> publishing as a "new" identity while still having the "weight" of an
>> already established seasoned professional.
>
>Yes, you can do this, but there are some problems.
>
>First, what is a reputation?  Reputations are in people's minds.  Any
nym
>will have a different reputation with different people.  The only way
>the new nym could have exactly the same reputation with everyone would
>be for it to be explicitly linked to the old nym, defeating the purpose

>of switching.

Reputation requires authentication so you know you're talking to the
same endpoint.
It is easily implemented with a PK signature.  Normally you assume the
IP:port
at the other end remains the same endpoint, but MITM attacks show that
this is an
exploitably false assumption.  IPSec fixes this.

So reputation is not in people's minds, its something that one can
construct
by signing documents with the same key.

A nym is just a token, a string, a handle.  You can make it more by
making it persistant across sessions (ie, keep using the same RSA key
instead of using ephemeral DH or one-time RSA keys to authenticate
a single session.); normally folks do this to accrue reputation as well
as for convenience.  All you need is the same RSA key used above.

You can further concretize a nym by associating it with a human
subject to Men w/ Guns.  But its not necessary, any more than
persistant authentication (reputation) is.  You can use a throw-away
email account, or public key, for each message, thread, clique, etc.

--------

In thinking about how to transfer reputation-credits,
is the Adversary watching any movement on that 'account'?
To use the credits, someone has to talk to a clearing house
(to avoid double-spending)
unless the reputation was on a physical bearer-gizmo like
a secure card.  (Cash or other anon Finder's-Keeper's
bearer bling are the preferred funds transfer mechanism
for identity-change).  I don't see how you can transfer
an unforgable token without some online activity
xor secure physical implementation.





More information about the cypherpunks-legacy mailing list