[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: legal question about certs

Carl Ellison:
> I am perfectly serious when I say that so-called "True Names" -- names from
> some global name space -- depart so far from the human names of Walton's
> Mountain (where they last made some real sense) that they might as well be
> random numbers (maybe with a common name inside). 

Where there is to be any judgement made by a human being, (as in a legal
contract where there must be "a meeting of the minds"), we need
human-readable names bound to persons.  We need to be able to 
link reputational data gathered by our minds from various sources.
That interactions are non-geographical does not mean we stop
getting to know people before doing business with them.

> ..the human is tied to the private key through tamper
> resistance, physical protection of computers, knowledge of passwords, etc.

A public key user has no way to verify the security of the private key,
except by reputation (which presupposes a stable name).  A public identifier 
with no private component, such as a common name or Social Security Number, 
provides a more stable binding than an identifier which must be changed 
if the secrecy of a private component is compromised.

That said, for privacy reasons pseudonyms, and on-line relationships
which don't rely on a True Name to link all reputational data, are 
often greatly to be preferred.  

It would be great to be able to create new business names on the fly,
to scope only the kind of information necessary to a counterparty: job 
history for a prospective employer, credit history for a prospective
creditor, medical history for a hospital, etc.  Chaumian blinded
credentials are one possible way to do this for public keypairs.
Corresponding human-readable names might be descriptive,
named after their role in a contract (e.g. "Smart Card"
for the programmer responsible for programming the smart card
routines), cycle through a namespace (like hurricane names),
or a combination.

> Since neither the "True Name" nor the key means anything to me by itself, I
> have to track down the human in some other way (probably a cert: e.g., a SDSI
> name cert, a donation cert, a subpoena cert, ...) 

I think the subpoena cert is a wonderful idea.   We should isolate
this kind of activity and make it explicit, rather than hanging it 
in the shadows like Damocles' Sword over every SPKI-using protocol.

Nick Szabo