[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Certificates/Anonymity/Policy/True Names

At 02:47 PM 8/18/95 -0400, Michael Froomkin writes about CAs,
and asks why a CA or customer would want a certificate for
a pseudonym without any identification or True Name.
>given that the recipient of a digital signature will easily be 
>able to check the value of the certificate (nil), won't the 
>transaction/communication be in all ways identical to one where there was 
>no certificate at all.  So is anything of value lost by prohibiting such 
>a certificate?

It's useful for a couple of reasons 
1) Continuity - For a single transaction, it doesn't make much difference;
for multiple transactions/communications it does.  
If you want to use the nym JohnDoe, and you register with keys.com, 
you can do repeated transactions (e.g. posting to the net) as JohnDoe/keys.com,
and nobody can impersonate you as long as keys.com doesn't allow duplicates.
This allows people to build reputations under pseudonyms, and do repeat
business or have readers bother to read their postings.

Without certification (whether web-based or hierarchy-based),
you're stuck with always posting your messages with a given key
and hoping people can decide whether they've really got yours or
some other JohnDoe.  Our local Black Unicorn is this way - 
few of us know his True Name, but his reputation is established.
On the other hand we can't really tell if the many postings by the
L-Name are from a single person, a cooperating group, or imposters
who decided it would be fun to borrow his reputation for the day.
Tim May has occasionally proposed that the key is really all that matters,
and that the name tacked onto it is just an untrustable convenience, but I'd
say that certification does increase that convenience by adding some trust. 

2) Policy-vs-Mechanism - Realistically, there'll be software out there
that wants an Official CA-approved certificate to talk to anyone.
If nobody's willing to give certificates to nyms, then nyms can't participate.

3) What's your definition of "prohibit"?  If you mean "Keys.com decides
not to offer the service", they lose the cash they might have made
selling certificates to nyms, lose some customer goodwill, but maybe gain
an improved reputation in other parts of the market, and JohnDoe can
always go to Nyms-R-Us.org and register as JohnDoe32767.
If you mean "the government should ban it", I've done enough anarchist ranting
about how that sort of thing degrades society :-)
However, if you mean "The Certificate Authority Cabal should agree not to
offer any certificates without real ID and contractually forbid lower-level
certifiers to do it either", well, it's a sad thing for society,
but they can do it if they want.  You lose the ability to participate as a nym,
you lose privacy, you lose the value that you might have gained by
transactions with people who wanted to retain their anonymity.

RSA does offer personna certificates to unauthenticated people.
(Also see my follow-on message about my offer to sign PGP keys for nyms.)

4) Are there negatives about dealing with unattributable pseudonyms?  Of course.
But you don't have to deal with them, and there will be CAs who don't,
and services that refuse to deal with unauthenticated pseudonyms,
just as there are on-line services like the Well that allow "unlisted"
identifications but do keep track of true names for their users.
It would be nice if certification authorities did indicate how much trust
they have in the identity of a given key's owner, but markets will take
care of that.

                Thanks;  Bill Stewart
#                                Thanks;  Bill
# Bill Stewart, Freelance Information Architect, [email protected]
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281

	   "The fat man rocks out
	Hinges fall off Heaven's door
	   "Come on in," says Bill"    Wavy Gravy's haiku for Jerry