[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: The Carl & Bob show

I believe Carl was right when he suspected that you two would come to agree
sooner or later.  Or at least to a compromise.  I found the following, in
my opinion interesting, points in your message.

Bob Jueneman wrote:
> Of course, CA's don't issue "ID certificates" per se, but they do at 
> least tend to include locality information which approximates 
> something like an "identity", at least in some people's view.

I include this for reference, because you seem to suggest that this
approximate locality information is relevant.  But later you seem to find
that it isn't, even though you perhaps didn't see it that way.

> Although I believe that a globally unambiguous name is desirable, and 
> using either geographical or other forms of name qualification, 
> including street address if necessary, is not particularly difficult 
> to do, it isn't an absolute requirement that a name be globally 
> unambiguous.

I see this in the light that the Finnish postal service has been rumored to
consider unambiguous addresses as well.  The funny thing is that this would
be achieved by *removing* geographical references.  You see, people tend to
move around a lot, so mail ends up in the wrong physical location, which
costs a fortune.  What they really seem to be looking for is a "delivery
certificate", where they would be the agency responsible for delivering the
mail addressed to a particular recipient. The similarity to Carl's
"subpoena certificate" is striking.

> It isn't even absolutely necessary that the name be particularly 
> convenient or user-friendly, although that is of course desirable.

I see a convergence here...

> If someone named say Paula Jones doesn't want to include her street 
> address in her certificate, she may use a distinguished name that 
> consists of her common name plus the name of her CA plus a unique ID 
> assigned by that CA, or maybe even her name plus a message digest of 
> her birth certificate. 

Intriguing thought.  I have a suggestion: Why not get rid of the name part
altogether?  If you're called "John", the entropy of those four bytes is
very low.  So, what are we left with?  A digest.  Which again has a
striking similarity to a digest of a public key, which would be an SPKI
identity if I'm not mistaken.

> If the residence address isn't listed, however, then the CA probably 
> has an obligation to maintain records that could be subpoenaed, if 
> necessary, and if they don't, then relying parties would be well 
> advised not to accept that kind of a certificate for anything 
> important.

So, to be able to rely on a certificate, you'd need a subpoena
certificate.  Considering that the CA structure really does not carry
responsibility, we'd need a separate body for that.  Say, an organization
issuing SPKI subpoena certificates?

> The merchant would like to get paid, and if necessary is willing to 
> take legal action.  But against whom, and how?

It's very straightforward.  He drafts the necessary legal documents and
sends them off to the subpoena serving organization named in the SPKI
certificate.  Voila.  Ok, I'm lying, it's not really quite that simple. But
you get the point, I hope.

> So one way or the other, the merchant needs to know where I reside, or 
> at least a postal address where legal notices can be sent with a very 
> high probability of being received.

In this scenario the merchant really wouldn't need to ever know who you
are.  In "real life" he most certainly would, but I can envision a scenario
where small debts would simply be processed anonymously.  The above
subpoena organization would simply return the money once it had been
recovered.  The definition of a "small debt" depends on how much trust can
be placed in the whole structure.  I don't think this would work if you'd
ordered the oil tanker referred to in earlier examples.

> Now, does that make a VeriSign certificate that lists my address the 
> same as a national ID card?  No, it doesn't, for a number of reasons.

I for one would not want such a certificate.  It goes against some basic
privacy beliefs of mine to give out my address like that.  I do hand it out
fairly easily, but I don't want to do it all the time, without the option
of not doing so.

> whereas a national ID card would presumably be the equivalent of a 
> mandatory passport, and would therefore prove citizenship.  (Anyone 
> without one might be subject to deportation, especially if their name 
> were Julio and they had a rather brown skin.)

I think most "civilized" nations do not use national IDs like that.  The
posession of one proves nationality, but the lack of one does not.  It only
proves that you may have left it at home. You are only subject to
deportation once your lack of proper nationality has been proven beyond
reasonable doubt.  Anything else resembles a police state.


Who, by the way, apparently has a globally unique name. :-)
Camillo Sdrs <Camillo.Sars@DataFellows.com> Data Fellows Ltd.
F-Secure Support
http://www.Europe.DataFellows.com/      Aim for the impossible and you
http://www.iki.fi/ged                   will achieve the improbable