[ID point semi-off-topic] Re: using PGP only for digital signatures

On Sat, 4 Nov 1995, Timothy C. May wrote:

> Pop Quiz: If you are a citizen of the U.S., prove it.
> As has been said several times recently, for the purposes of law, non-U.S.
> citizens who reside in the U.S. are effectively "U.S. persons." Subject to
> U.S. law and generally having the same legal rights. (Can't vote. Can be
> drafted. Must pay taxes. Must have a SSN. Must obey traffic laws. Must not
> discriminate against the differently clued, etc.)

All true.

> Consider this: most people in the U.S. do not have a "credential" that
> shows them to be U.S. citizens. (Hint: most people in the U.S. do not have
> passports.) They have driver's licenses, which say nothing about
> citizenship (at least California and Virginia licenses do not). Social
> Security cards are the same.
> (Second hint: most people are hard-pressed to locate a birth certificate
> for themselves. Many people take the easy way out and simply buy a new one
> for the $25 a good one costs.)
> Therefore, there are few ways that citizenship can be "checked." Period. A
> foreigner who wishes to "prove" his non-U.S. status could, of course, show
> his green card. But this is different from proving citizenship.

A green card, by itself, also fails to prove legal status.

Proving legal residency requires a combination of two documents, one each
from specified lists. Most commonly a driver's license, green card (which
is actually pink), or birth certificate from list A, and a social
security card from list B. 

Chris Hibbert's SSN FAQ talks a little bit about how this works, and why
it's a Good Thing. Basically, for privacy and security reasons, it is a
very good idea to separate the issues of identity and authorization.

I don't care how securely you can authenticate who I am -- by PGP, retinal
scan, whatever. I do not want a single digitizable token to be the key to
my identity. Even if that identity cannot be forged (and everything can be
forged), it can be used to track me, by the government, by the Direct
Marketing Association, by the private investigators of certain wacky
cults, and by TRW. And I suppose by those secret government types at SAIC
who, we are told, control the Internet now :-)

It is a little inconvenient, but this is why it's a Good Thing that you
need a separate driver's license, social security card, credit card, phone
number, PGP key, password, thumbprint, and retina. I would oppose moves to
combine them to a single unified "mark of the beast," as it were. I am a
little uneasy about the otherwise very cool First Bank of the Internet for
this reason. If you use FBOI, I'd recommend using a PGP key separate from 
your usual PGP key.

Crypto fans need to recognize that the ability to securely prove your 
identity is not an unmitigated advance.

Of course, all the crypto fans here are also pseudonym fans.

> As to the point about students impersonating faculty, if the faculty starts
> signing their messages (doubtful), then no one can impersonate _them_.
> (Except that it sounds like all this PGP stuff is to happen on campus
> computers, in which case there are several ways their private keys and
> passphrases can be snarfed.) The issue of a "credential" for faculty
> members, something that says "This person is a member of the Foo U.
> faculty," well, this is a different kettle of fish; such credentials are
> not part of the PGP system, though webs of trust could in principle be used
> in a klugey kind of way.

This is a job for private key cryptography, like Kerberos.