The point I was really trying to make, though, was whether the
experience with using credit cards as ID in the real world provides any
lessons for the use (or misuse) of credit card companies as
"certification authorities". A credit card company provides a
credential or certificate which includes a user name, credit card
number, and public key (I am not familiar with the details of the
various proposals, but I gather that similar information is included).
They are worried (it is suggested here) that people will take those and
use them to prove identity in other contexts. Merchants might demand
to see those credentials in order to be sure of the identity of the
person they are dealing with. This could raise a liability issue for the
CC company if the identity is faked.
(Do I understand the issue correctly? I confess that I don't see exactly
what situation people might take a credential/certificate from a credit
card company and use it for identification in such a way that the credit
card company would object. Perhaps a concrete example would be helpful.)
To me this situation sounds very analogous to the one where credit cards
with names on them are used to facilitate various transactions which may
not involve the credit card companies directly. Was there a liability
concern there, that if someone got a Citibank card in a fake name and
some other person relied on their identity, then Citibank could get sued?
I don't recall the issue being framed in those terms.
Hal Finney