
Certificates/Anonymity/Policy/True Names

I have a question which is of course purely hypothetical.

Suppose you were designing the legal framework that would govern the 
operation of Certification Authorities (the people who issue certificates 
vouching for public keys used for digital signatures), called CAs for 
short.  The CAs will operate in a hierarchical model (not a 
PGP-web-of-trust model), with a state agency being at the root, and 
issuing certificates for private CAs.

You have decided to allow the private CAs to issue certificates of varying
degrees of corroboration so long as the degree of verification used is
deducible from the certificate.  E.g. a certificate might say "we check
the passport"; or "we check driver's license" or "we took blood, hair,
fingerprint, retinal scan and first-born child".  It might even say "we
checked nothing".  You have also decided that a CA may issue a certificate
in the name of a pseudonym, so long as the CA retains information about
the True Name.  Now the issue arises as to whether one should allow the CA
to issue certificates to pseudonyms where it has *no record* of the real
identity of the person proffering the key pair. 

Is there any reason why a person would want such a certificate?  In other 
words, given that the recipient of a digital signature will easily be 
able to check the value of the certificate (nil), won't the 
transaction/communication be in all ways identical to one where there was 
no certificate at all?  So is anything of value lost by prohibiting such 
a certificate?

I understand, of course, that in a world where the CA has no duty to 
check the client's representations, there is a somewhat farcical element 
to this debate, but this hypothetical problem involves group decision 
making and groups find themselves debating irrational things.

A. Michael Froomkin        | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law | [email protected]
U. Miami School of Law     | 
P.O. Box 248087            | It's hot here.  And humid.
Coral Gables, FL 33124 USA |
See http://www-swiss.ai.mit.edu/6095/articles/froomkin-metaphor/text.html
and http://www.law.cornell.edu/jol/froomkin.htm