How about a social worker working with AIDS patients. The AIDS
patient wants to remain anonymous (let's even be more specific --
let's say the Red Cross Blood Donations, assuming they could be done
electronically, but to give you a real-world picture of what I'm
talking about).
The client (donor) is talking to the worker. You want continuity of
conversation, therefore you need digital signatures, since you know
that if the same key signed a number of messages, they must have all
come from the same entity. Also, you want privacy, since you don't
want anyone else to see the messages, therefore encryption is a must
as well.
"Ok," you say, "you haven't said why I need anonymity." Again, I go
back to my assumption: you have an AIDS patient, or a blood donor, and
this client doesn't want the service provider to know who he/she is,
for privacy reasons among others. Would you want the world to knowt
that you had AIDS? In this world of racism and fear, that would make
you an outcast! But if someone only knows that "the owner of this key
has AIDS", then your personal privacy is still held.
Ok, what about payments? The service provider (let's go back to the
social worker or doctor) wants to be paid for their services? You use
digicash! Digicash, too, is anonymous (or, at least, it can be).
It now becomes feassible to maintain a truly anonymous conversation
between two anonymous entities, and even charge for the services of
the conversation! And no one *needs* to know the identity of the
other person.
I hope this helps clear things up.
-derek
Derek Atkins, SB '93 MIT EE, G MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
warlord(_at_)MIT(_dot_)EDU PP-ASEL N1NWH