
Re: Authentication vs encryption: CPs on the web



> I notice that the people who come to this topic from an 
> institutional point of view tend to be more interested in 
> the authentication aspects. 
> This seems to fit better into the control-oriented mindset.  
> With authentication you can track what people are doing 
> better; non-repudiable signatures could actually work in some ways 
> against the signer.  I think that may be one reason Phil Zimmermann 
> is famous for not signing his messages. :-)  But encryption can 
> actually work against institutional interests (compared to individual 
> ones) by making it harder to keep track of people's activities. 

Very much agreed.  This is why, in my description of the rough criteria I sent 
out, I included mention of self-signed certificates (which only show that you 
do in fact have the private key corresponding to a given public key), bare 
keys, and so on.

There clearly need to be facilities for encrypted anonymous use.  To expand 
on my example of wanting sales literature to be signed so I know it's genuine, 
I correspondingly *don't* want to include a certificate with identifying 
information in my own query--I get enough junk mail already, and I don't want 
vendors to be able to capture market research at the browsing level (I haven't 
looked at WIRED's server for precisely this reason).


Amanda Walker
InterCon Systems Corporation