[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: News on Congressional Debate on Exon
> (Controlling Web page accesses is a much tougher problem, of course. so I
> wouldn't expect much action on this at first.)
>
> By the way, I recently discovered a new twist on "age credentials": the use
> of credit cards to prove age. One image site is asking for a "valid credit
> card number" to be given...not to use for charges, but just to do a quick
> verification (they claim a few minutes or less) that the card is valid and
> in the name of the person accessing their site.
> Timothy C. May | Crypto Anarchy: encryption, digital money,
Actually, I've been thinking about this quite a bit recently. I'm building
an SSL enabled server, and clent-side authentication may provide
some help. I could see a user getting his or her public key certificate
signed with different CA keys which assert any number of conditions,
such as:
Key holder was born before (some particular date).
Key holder has access to sales data for XYZ corp.
Key holder is an adult who takes the first amendment seriously.
... and the server would recognize different CA signatures as permitting
different levels of access.
If your browser permitted you to select the key certificate used in
setting up the encrypted link (and different certs or sets of certs
could be protected with different passphrases), then Mom or Dad
could use their I-am-an-adult credential to read www.xxx.com,
while Junior could not. There *is* a loss of anonymity in this scheme,
however.
I realize that digital credentials are old hat on this list. The point I am
making is that the pieces for doing this are here - we just need to
assemble them.
(This is not to suggest that I am in favor of Exon/Coates in any way -
I am not. )
Speaking for myself alone....
Peter Trei
Senior Software Engineer
Purveyor Development Team
Process Software Corporation
http://www.process.com
[email protected]