Re: one-body, one-cert

[I am afraid this discussion is becoming off topic for SPKI.  I will also
post a longer version of this to cypherpunks and hopefully we can resume
the discussion there.]

From: Carl Ellison <cme@cybercash.com>
> Yes.  This protects me from the evil CA.  However, the original posting
> person wanted to make sure that once he had seen bad behavior on my part
> (where "I" am identified by my DNA) that every future use of any key by me
> will gain me no access to his service.
> I believe these two desires are fundamentally opposed -- irreconcilable.
> If someone does a bad thing with some key I'm supposed to control, then I
> want to be able to write that key off and get another one to give me
> access.  If *I* do the bad thing, then he doesn't want me ever to get
> access again.
> This is resolvable only if we have a way to detect the DNA behind the actor
> -- but we don't.  All we have are keys which a person controls -- until he
> doesn't.

I think in a system like this, participants would need to understand the
limitations and design the protocols with them in mind.  Ideally, getting
access to someone else's keys would be made very difficult, more so than
it is today, since the consequences could be so much more drastic.

It would be as though evil spirits roamed the world and could invade the
consciousness of careless people, taking over their bodies and forcing
them to commit horrendous acts.  In such a world we could expect people
to take whatever careful precautions are possible to avoid such threats.

Furthermore, systems which apply punishments for bad behavior would have
to be aware of the possibility of such occurrences.  It would generally
not be appropriate to impose draconian consequences for a single bad act.
Rather, the possibility would always have to be considered that such
actions were not the fault of the apparent perpetrator.

We might expect to see systems in which single instances of misbehavior
are forgiven, but patterns of repetitive bad conduct are punished.  I
believe protocols similar to the ones Jim McCoy mentioned from Chaum
can provide very flexible (although possibly inefficient) means for
controlling credentials in a variety of ways.