At 05:31 PM 3/3/99 +0000, Ben Laurie wrote:
>Anna Lysyanskaya wrote:
>> Or we may insist that the CA gives out only one
>> credential of validity per user, and then anyone can determine which set
>> of domains belong to the same user.
>
>Surely this is where it all falls apart? You can insist all you like,
>but how is a CA to achieve this, in practice? For example, I have at
>least 3 different "identities" I have legitimate claim to (i.e. at my
>home, another house I own and work) and that's without getting clever.

This is the irreducible problem of credential systems, much like the "but
how do we get money into the system" question for anonymous
ecash. Generation of the isa-person credential is a hard problem. No one
has a good answer yet. The easiest way to accomplish this, IMHO, is to
push the problem off to someone else. The NIC could simply mandate that an
applicant needed to first get an isa-person credential from some
third-party local to the user. Verisign, USPS, Inland Revenue, etc. It
would be up to these agencies to validate the identity and create the
initial cert in such a way as to prevent a user from getting an isa-person
from every third-party out there.

BTW, you may think you have three identities, but you only get one
isa-person credential. This token ties a key to a particular piece of
meat. Any other credentials are keyed off of this one, but using a
mechanism which makes it impossible to link the credential back to the
isa-person credential without the help of the person to whom the credential
was issued.

Now none of this prevents you from paying someone who is not a part of the
system (e.g. some random homeless person, etc.) to get an isa-person
credential and giving it to you. There are other weaknesses of such a
system when it is only used in isolated cases, but in general a credential
system is what you would want to use to accomplish the original goals set
forth here.

>> A reasonable way of preventing
>> users from having too many domain names is: set a limit to how many
>> domain names can be registered with the same credential of validity (say,
>> ten) and how many credentials of validity a CA grants (say, ten). [...]
>
>Same problem.

Not really. Under a Chaumian credential system the applicant would take
the isa-person credential to the NIC and request a domain. The NIC would
then ask the user to prove that the isa-person credential they are using
does not already have more than 9 domains registered to it through a
somewhat elaborate proof. (With credentials it is almost always easier to
prove a negative response to a query, so you arrange the system such that
in order to get something you must prove that you do not meet some
disqualification criteria.)

jim