Re: Certificates, Attributes, Web of Trust

Timothy C. May wrote:
> I have often said "You are your key." That is, keys have priority over
> names, even True Names. The biometric True Name identity of a person
> holding a key is only _another attribute_ of the key. Maybe important,
> maybe not. It depends on the nature of the transaction.
> But I go further: a huge number of interesting applications of strong
> crypto have no connections at all with physical persons, let alone with
> True Names. Agents in computer transactions, applets fired across networks,
> agoric entities in computational ecologies, BlackNet sorts of markets, and
> on and on.
> The notion that a cryptographic key needs to be tied to a physical person
> is deeply flawed.
> The talk of certification authorities is OK, so long as the practice is
> _completely_ and "strongly" voluntary (*).

  How about if the system allows you to get a certificate that
has any name in it that you want, where the issuer makes no
claims about the identity of the owner of the certificate?
How about if the software lets the user decide which CAs they
will accept certificates from?  Given these two features,
would you still consider requiring a certificate to be bad?


Jeff Weinstein - Electronic Munitions Specialist
Netscape Communication Corporation
[email protected] - http://home.netscape.com/people/jsw
Any opinions expressed above are mine.