Re: Certificates/Anonymity/Policy/True Names
Hello Michael Froomkin <[email protected]>
and Rich Salz <[email protected]>
and [email protected]
Original reason at end (after the reply).
> But this is precisely the issue: what does the *certificate* get any of
> these people that a simple digital signature does not provide?
Protection from spoofing.
> On Sat, 19 Aug 1995, Rich Salz wrote:
>
> > I think there are many people who might be willing to use an
> > "anon CA" should it exist:
> > Whistleblowers, perhaps Deep Throat would have used email
Certification is needed to avoid another person intercepting, re-signing,
and substituting hir own key.
> > Any number of writers who have used pseudonyms and now want to
> > get paid in ecash; Mark Twain?
Certification is needed to avoid another person diverting the ecash
(a disputed unsigned key is practically useless). In fact a much simpler
attack is denial-of-service: simply dispute the key (send another one
to the keyservers), and let the resulting uncertainty cut off the profits.
Also, if you insist on govt-is-root, you need certified pseudonyms
to set up a pseudonymous CA (i.e. a CA whose real identity is unknown).
Hope that makes sense...
Jiri
--
If you want an answer, please mail to <[email protected]>.
On sweeney, I may delete without reading!
PGP 463A14D5 (but it's at home so it'll take a day or two)