
one-body, one-cert



There was a request on another list a few days ago for a one-body,
one-valid-cert service.  The writer assumed that a standard ID cert like
one from VeriSign would give him that service.  [I.e., once you get one cert
from them, you'll never be given another -- where "you" are the person with
your DNA.]  He didn't realize how easy it is to get a cert under an assumed
name (or someone else's name) from an on-line cert issuer.

He also wanted this cert to be anonymous.

Our INDIRECT-SUBJECT: construct allows someone to issue certs (e.g., for
voter registration) which are anonymous even to the issuer, but I'm not
entirely sure anyone except voter registration will ever set up such a
service.

I'm also not sure it's desirable to have a (one body):(one active cert)
service.  Such a service could be misused to become like the hated national
ID card -- required to get work, to pay taxes, get paid, get medical care,
travel, ..., and subject to threat of revocation, in case you do something
the service disapproves of.

As I mentioned on that list, the Chicago folklore is that (one body):(one
vote) is unenforceable.  I'm not sure such a service could succeed in its
stated purpose.

Meanwhile, there's the problem of revocation of an anonymous blind cert.
Since the blind signature isn't part of a cert itself, it can't be revoked
without revoking the blind signature key and therefore all the certs issued
by that blind signature key.  You can allow single user revocation, but
only by using a different blind signature key for each applicant -- in which
case anonymity to the issuer is lost.

Meanwhile, if he sets up such a service just for his members (e.g., an
on-line Alcoholics Anonymous group, for example), the list of people who
have requested blinded certs is itself an unacceptable leakage of
information.   He needs a worldwide (one body):(one cert) service.

Thoughts?

 - Carl




+------------------------------------------------------------------+
|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street   PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |
+------------------------------------------------------------------+
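
The revocation trade-off in the message above, as an added example that is not part of the original message or any SPKI code. It uses a Chaum-style RSA blind signature and shows that, under one shared key, every entry in the issuer's log is equally consistent with a presented cert, while per-applicant keys identify the holder. Assumptions: toy unpadded RSA over Mersenne primes, and constructed applicant names, cert bodies and blinding factors.

```python
import hashlib

E = 65537  # public exponent shared by all toy keys

def keygen(p, q):
    """Toy textbook-RSA key from two known primes (constructed, not secure)."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def h(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def blind(msg, r, key):         # applicant hides the cert body with factor r
    return h(msg, key["n"]) * pow(r, E, key["n"]) % key["n"]

def issuer_sign(blinded, key):  # issuer only ever sees the blinded value
    return pow(blinded, key["d"], key["n"])

def unblind(s, r, key):         # applicant strips r, leaving a normal signature
    return s * pow(r, -1, key["n"]) % key["n"]

def verify(msg, sig, key):
    return pow(sig, E, key["n"]) == h(msg, key["n"])

def issue(applicants, key_for):
    """Run issuance; return (issuer_log, certs). key_for maps name -> key."""
    log, certs = {}, {}
    for name, (msg, r) in applicants.items():
        key = key_for(name)
        s = issuer_sign(blind(msg, r, key), key)
        log[name] = (blind(msg, r, key), s)      # all the issuer can record
        certs[name] = (msg, unblind(s, r, key))  # what the holder later shows
    return log, certs

def consistent_applicants(log, msg, sig, key):
    """Log entries for which some blinding factor links them to this cert."""
    n, out = key["n"], []
    for name, (b, s) in log.items():
        r = s * pow(sig, -1, n) % n              # factor that would explain it
        if h(msg, n) * pow(r, E, n) % n == b:
            out.append(name)
    return sorted(out)

def identify_by_key(keys, msg, sig):
    """With one key per applicant, the verifying key names the holder."""
    return sorted(name for name, k in keys.items() if verify(msg, sig, k))

M61, M89, M107, M127 = (2**x - 1 for x in (61, 89, 107, 127))  # Mersenne primes
APPLICANTS = {"alice": (b"cert-body-A", 0x1234567),   # constructed sample data
              "bob": (b"cert-body-B", 0x7654321)}
SHARED = keygen(M61, M89)
PER_USER = {"alice": keygen(M61, M107), "bob": keygen(M89, M127)}
```

With `SHARED`, the issuer cannot pick out one holder's cert, so revocation means retiring the key and every cert signed under it. With `PER_USER`, single-cert revocation works but the issuer knows whose cert it is.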

