[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Uniqueness and "is-a-person" credentials



I remembered about is-a-person credentials after I posted.  I had thought
this idea came from Chaum but I didn't see it in his 1985 paper.  I don't
recall the details of this credentialling mechanism, so take what I say
here with a grain of salt.  I hope someone can post a cite.

One point is, there is no need to associate these with states.  Private
corporations could easily issue is-a-person credentials.  You show up
and let them take your thumbprint (retina print, DNA scan, ...), and they
give you the credential.  They don't need to know your name, just that
you don't already have a credential.  (The different agencies would have
to share a database as is done in many industries today.)

Then, if L. Detweiler wants to accuse Eric and Jamie of being the same
person, they can disprove it by exhibiting their different is-a-person
credentials.  (They might not "exhibit" them, they might use some kind
of zero-knowledge proof to show they are different.)

If anonymity and spoofing get to be too bad a problem, most people may
refuse to have net.dealings with anyone who is not willing to show an
is-a-person credential.  Among your pseudonyms, only one can show it,
otherwise they will be linked.  This would force all but one of your
pseudonyms into second-class citizenhood on the net.

This may seem unfortunate, but as those who just got through flaming
Detweiler remind us, if something like this is possible then just because
you don't like it, that won't stop it from happening.  It may be that
in the future the net is not a very anonymous environment, just because
the technology exists to catch spoofers.  L. Detweiler may get his wish
after all.

Hal Finney
[email protected]