pem-dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: layering as a possible route to consensus

1994-03-23 02:12:00
from [Christian Huitema] [Permanent Link] 
=> The fact that we don't have any idea who we are talking to is not
=> necessarily a problem. We do business with shop-keepers on that basis
=> every day. Why should we tell people we deal with exactly who we are
=> until/unless we need to?

This is a very important point. In our electronic society, we are more and
more leaving electronic finger prints (digiprints?) in far too many places - a
recent and very famous pre-trial inquiry in France involved ATM transaction
archives, hotel PBX's accounting files, motorway toll-both loggings of
frequent travellers subscribtion cards. Today, these files only contain
fractional information and only a judge could summon them and establish the
correlations. I don't think we should make it easy for any random agency to
use such informations. And I am not only meaning the secret polices when I
speak of agencies. Marketing profilers would love that; some companies hire
private detectives to check would be employee's; a free information market
will no doubt create many opportunities. In fact, I believe that we should
make our digiprints as discrete as possible, so that even judges and other
secret polices cannot use them.

I think that we should very clearly evaluate the purpose of our
"identifications" when we are handing a certificate to a third party,
and be careful to provide "just enough" identification for that purpose. To
take an exemple, if the shop-keeper wants to get payed, we may give them a
certificate tying a key that we own to a credit card number, so that he
can establish an invoice, check that the card is not a forgery by verifying
that it is issued by a bank he trusts, and check that the customer owns the
private part of the certificate's public key. There is absolutely no point in
providing the shop with your civil registration, place and date of birth, or
whatever.

As a practical consequence, this means that a user should have many
"certificates", which may or may not relate to the same public key. In fact,
we should have as many certificates as we have credit cards, and we should not
necessarily allow third parties to make a relation between them.

Christian Huitema
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  layering as a possible route to consensus, Bob Smart
Next by Date:  Re: Changes to X.509 certificate format., Mark Wahl
Previous by Thread:  layering as a possible route to consensus, Bob Smart
Next by Thread:  Re: layering as a possible route to consensus, jueneman%wotan
Indexes:  [Date] [Thread] [Top] [All Lists]