Client Certificate UI for Chrome? [OT anonymous-transaction bull***t]

Ray Dillinger bear at sonic.net
Thu Aug 20 12:11:21 PDT 2009

[Moderator's note: this is getting a bit off topic, and I'd prefer to
limit followups. --Perry]

On Wed, 2009-08-19 at 06:23 +1000, James A. Donald wrote:
> Ray Dillinger wrote:

>> If there is not an existing relationship (first time someone
>> uses an e-tailer) then there has to be a key depository that
>> both can authenticate to, with a token authorizing their
>> authentication to authenticate them to the other, which then
>> vouches to each for the identity of the other.
>
> Actually not.
>
> What the seller wants to know is that the buyer's money is good, not
> what the true name of the buyer is - a service provided by Visa, or
> Web-money, or some such.

No.  This juvenile fantasy is complete and utter nonsense, and
I've heard people repeating it to each other far too often.  If
you repeat it to each other too often you run the risk of starting
to believe it, and it will only get you in trouble.  This is a
world that has not just cryptographic protocols but also laws
and rules and a society into which those protocols must fit.  That
stuff doesn't all go away just because some fantasy-world
conception of the future of commerce as unlinkable anonymous
transactions says it should.

In any transaction involving physical goods, the seller also wants
to know to whom to ship the product.  Since the laws in most nations
do not require the recipient of an erroneous shipment to return
the goods and *do* require the seller to give back the buyer's money
if the shipment doesn't go where the buyer wants it, sellers really
care that the correct recipient will receive the package and really
need some way to contact the buyer in case there's a mistake about
the recipient address or identity.  Otherwise you'd get people
playing silly buggers with the shipping address to get out of paying
for million-dollar equipment.

The law usually requires that the recipient of defective goods
or services has the ability to return those goods for a refund
or obtain a refund in the event of seller nonperformance of
services or nonshipment of goods.  Since such returns can be
used to launder money from illegal enterprises, laws usually
restrict anonymous returns. Therefore the seller needs the
buyer's (or client's) identity in order to comply with the law.

In information-based transactions involving IP that's subject
to copyright or trade secret protection (which is effectively
all of them since other IP can be had for free) the seller also
wants to know who is the licensee that's bound by the terms
of the license and who now poses a "risk" of copyright breakage.
In both cases this is a liability taken on by the buyer, and
not something that his "money being good" for just the
transaction price can ameliorate.

In financial transactions the seller also wants to know that s/he
can comply with, eg, "know your customer" laws and avoid liability
for gross negligence in, eg, money laundering cases.

In many transactions the seller wants the buyer's identity and a
liability waiver signed by the buyer so as to keep track of or
avoid liability for what the customer is going to do with his/her
products.

Most sellers want the ability to offer the buyer credit terms,
especially when large sums are involved.  And even where money
is supposedly firm (like the money Bernie Madoff's clients had
in their accounts) it is subject to catastrophic vanishment in
extraordinary circumstances.  The seller needs to know whom to
sue or at least whose name to put on the forms for their insurance
claim if contrary to expectations the buyer's money turns out not
to be good.

If the cert authority does not provide the identity of the buyer
but asserts that the buyer's money is good, and this turns out not
to be true (as in the case of Madoff's clients), then in most
legal systems the cert authority is either liable, or can expect
to be sued in a very expensive empirical test of liability.  So
the cert authority doesn't want to be in the business of vouching
for the ability of anonymous people to pay.

The only way for the money to be truly firm for these purposes
is that the cert authority has it in escrow.  This makes the
cert authority a financial institution and therefore subject to
"know your customer" mandatory reporting, data retention laws,
subpoenas, and so on.  Also, it introduces a needless delay
and complication to the transaction that legitimate buyers and
sellers would mostly rather not have.

Also, in any large transaction the seller or cert authority or both
must retain buyer identity information in order to be able to
comply with subpoenas, inquests, or equivalent writs, for
periods ranging from zero in a few undeveloped African nations to
five years in much of the rest of the world.

In most of the nations on earth, there is such a thing as sales
tax or use tax on goods or services, and any transaction involving
more than a tiny sum must be reported (with the names of buyer and
seller) to relevant tax authorities.  Even tiny transactions must be
reported in aggregate, although these usually don't require the
buyers' names. Since the seller has the legal obligation to report,
s/he also has the legal obligation to collect identity information
from his/her clients.

Most nations are very sensitive about cross-border money flows,
have tax laws that apply specifically to international transactions,
and want to know such things as the buyer and seller identity.
In this case it is the legal obligation of both buyer and seller
in international transactions to collect whatever information
their particular nation requires them to have and report it
according to their particular nation's laws.

And so on.

Maybe in a cypherpunk world where there are no laws other than the
natural laws of mathematics, no physical world in which goods have
to be manufactured and delivered, no national borders or third
parties having a tax or legal interest in transactions, no information
other than valuable secrets subject to no post-sale copyrights or
licensing, no liability laws or customers-rights laws whatsoever, no
taxation, and a bunch of other bizarro-world conditions, the seller
would not need anything more than the knowledge that the buyer's
money was good.

But that's like proving that a pig can fly starting from an assumption
of an ideal, spherical pig of zero mass.  It is not the world in which
we live, unless we are black-marketeers in international waters, not
subject to the laws of any nation.

If you make it "optional" - where people can request a true name etc
when they need it to comply with law, but don't have to request it
otherwise - you will find that the number of sellers willing to do
business with anonymous buyers, and the number of transactions in
which they legally can do business with anonymous buyers, starts low
and then drops rapidly as legal troubles and scams of various kinds,
as well as new laws designed to prevent those troubles and scams,
catch up to the sellers.

Anyway, nothing's preventing you from building your "unlinkable" cert
system to compete with other forms of commerce.  But in the presence
of any other system whatsoever, I expect almost no one to use it and
predict that using it or running services that allow people to use
it will rapidly become illegal in all developed nations.

> Again, you are trying to inject a certificate authority into the
> middle of a relationship where it is just not very useful.

Perhaps there are other ways to achieve all of the requirements for a
system that people can use while complying with applicable laws.  I
cannot think of a simpler or more useful one.

> Ebay does not care
> about true names.

Aside from being irrelevant because ebay does not function as a
buyer or seller, and only minimally as a cert authority in
their client's auctions (in particular they do NOT vouch for
anyone's ability to pay), this is blatantly false.  Ebay cares
about true names, and linkable information such as bank account
numbers.  Without them it won't let you use its payment system.
Also, try funding an ebay seller's account using just cash somehow
and tell me how it goes.  It used to be possible but it's been
several years since the law bounced on ebay for allowing that and
commanded them to collect true name information from all sellers.

Also remember ebay has to collect its fee from somebody and until
the auction's conclusion doesn't know how large that fee is going
to be.  They insist on knowing who that somebody is.

				Bear


---------------------------------------------------------------------
The Cryptography Mailing List