[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



At 11:24 AM 11/1/97 +1100, Bob Smart wrote:
>There are two very distinct potential applications of public keys.
>In the first the holder of the matching private key has a clear
>wish to protect the private key in his/her own interest. For example
>if you have a bank account that can be manipulated by signed requests
>to the bank then you will look after that private key. And the bank
>probably doesn't care whether you do or not.
>In the 2nd type of application the holder of the private key may be 
>able to gain an advantage by allowing others to use it. For example
>in Australia you need to prove that you are over 18 to purchase
>alcohol. Consider an electronic order (signed request) for alcohol.
>It is worth considering what set of signed assertions need to accompany
>that request for the seller to be able to claim in court that he
>took reasonable steps to ascertain that the purchaser was over 18.
>[Or more realistically: if designing a system which will allow the
>purchase of alcohol over the Internet what sort of certification
>processes need to be instituted.]
>I don't think SPKI needs to cut itself off from the second sort of

I don't think we do need to either.  OTOH, this is what Bill Frantz 
addressed so strongly last year when he claimed we shouldn't pretend to have 
a non-delegatable cert.  If we want to prevent people from loaning out 
private keys, we need to let them do what they intend to by delegation.  
This implies that no one in his right mind would issue certs of the second 
form -- and that people would have to find a different way to control the 
delivery of age-appropriate things.

 - Carl

Version: PGP for Personal Privacy 5.0
Charset: noconv


|Carl M. Ellison  cme@cybercash.com   http://www.clark.net/pub/cme |
|CyberCash, Inc.                      http://www.cybercash.com/    |
|207 Grindall Street  PGP 08FF BA05 599B 49D2  23C6 6FFD 36BA D342 |
|Baltimore MD 21230-4103  T:(410) 727-4288  F:(410)727-4293        |

Follow-Ups: References: