[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: anonymity and e-cash



At 10:28 PM 2/12/97 -0800, Hal Finney wrote:
>From: Sean Roach <[email protected]>
...
>> Another idea that has been festering.  If we could get a CPA involved in
>> this forum, I would be willing to have h[im/er] sign my key, (which is
>> seldom used, mostly because this is the only place I use e-mail), for that
>> reasonable fee that CPA's can charge.  I know that it is not a standard, or
>> even legally recognized, post for CPA's, but I think that enough people
>> would trust them.
>
>The big question with identity certificates is what procedures were followed
>in verifying the identity when the cert was issued.  If the CPA publishes
>some standard method, and his reputation is strong enough that people will
>trust him to follow it, then it might well be worth money to you to have
>him sign it.  This is the traditional role of the Certification Authority.
>
>> This would take care of some of the "newly minted" key problems.  Since
>> getting someone who is trusted to sign your key is a recognized method of
>> getting people to believe you are who you say you are.
>
>It depends on the circumstances where you expect to use your key.  Within
>a small to medium circle of associates there may be some group members
>who sign keys and are trusted by other members of the group.  There is
>no particular reason for it to be difficult.  If you want a signature which
>will be accepted by everyone in the U.S. you have a harder problem.

As far as I am aware, a CPA is supposed to require a photo ID.  Since this
is the method by which absentee voting is accomplished.  A supposedly
anonymous system, (using two envelopes, the postmaster only knows that you
voted, the vote counter only knows that it came by mail, the public only
knows how many people are absentee voters, and who, the voter assumes that
the system works), requiring the CPA as a witness to the identity of the voter.
The problem would be getting the public to recognize the CPA as a key
signing authority.  This would presumably require a public announcement, the
backing of existing trusted users, etc.

Personally, I think that the netherlands? toying around with the post office
would be ideal for keys used solely for signing.  I just wouldn't trust the
government to have access to the one I used for encryption.

Maybe that's a better idea.  Let's all use a government accessable key for
signing, making it as long as possible to reduce identity theft.  And use
homebrew, super encryption for the actual secrecy.  Let GAK be our CPA.