[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: anonymous age credentials, sharing of
At 02:38 PM 2/14/96 -0500, you wrote:
>Suppose Alice is a CA who issues anonymous age credentials.
>Bob is 15
>Carol is 25
>
>Carol gets a legitimate anonymous age credential from Alice bound to an
>anonymous public key generated for this purpose. Carol then gives the
>key pair to Bob. Bob uses to do things only adults are legally permitted
>to do. (It's not bound to Carol's everday keypair because that's not
>anonymous....)
>
>What can stop Bob and Carol from subverting a scheme that relies on
>anonymous age creditials in this manner?
>
>If the answer is "nothing" this might mean that purveyors of "adult"
>material might have no defense against a law requiring that they collect a
>True Name + age creditential....
>
>A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
>Associate Professor of Law |
>U. Miami School of Law | [email protected]
>P.O. Box 248087 | http://www.law.miami.edu/~froomkin
>Coral Gables, FL 33124 USA | It's warm here.
>
>
I believe the answer is nothing ... but the situation is no different than
Carol going into Le Sexxey Shoppey, buying a porn-pack of restricted
material, and then giving it to Bob.
As has been said in this forum and others before, in the limit all access
control comes down to positive identification of an individual. Unless We,
the People, want to support permanently binding a traceable, non-anonymous
identity to all certificate attributes that are used in electronic exchange
(age, etc...) then there is going to be the potential for someone to
deliberately allow their credential to be misused.
IMO, to prevent this totally would require implanting a non-forgable i.d.
chip in everyone at birth ..... not very appealing.