[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Certificates, Attributes, Web of Trust
I have often said "You are your key." That is, keys have priority over
names, even True Names. The biometric True Name identity of a person
holding a key is only _another attribute_ of the key. Maybe important,
maybe not. It depends on the nature of the transaction.
But I go further: a huge number of interesting applications of strong
crypto have no connections at all with physical persons, let alone with
True Names. Agents in computer transactions, applets fired across networks,
agoric entities in computational ecologies, BlackNet sorts of markets, and
on and on.
The notion that a cryptographic key needs to be tied to a physical person
is deeply flawed.
The talk of certification authorities is OK, so long as the practice is
_completely_ and "strongly" voluntary (*).
(* I think maybe we need a term like "strongly voluntary," to parallel
"strong crypto." A key escrow system which can have arbitrary escrow
holders--company lawyers, grandmothers, computers in other buildings,
etc.--is "strongly voluntary." A government-sanctioned program which
authorizes, approves, regulates, and controls escrow holders is *not*. GAK
is not strongly voluntary, even though it will be sold as a "voluntary"
Views here are not the views of my Internet Service Provider or Government.
Timothy C. May | Crypto Anarchy: encryption, digital money,
[email protected] 408-728-0152 | anonymous networks, digital pseudonyms, zero
Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^756839 | black markets, collapse of governments.
"National borders are just speed bumps on the information superhighway."