> I've been reading Stefan Brands' dissertation, and I think it would really
> help motivate the ideas and aid in understanding them to have a sample
> application design that uses his secret-key certificates to do things that
> can't be done with normal public-key certificates.
No dissert here, but judging from earlier papers by Stefan Brands,
his problem domain is similar to that of the previous work on anonymous
credentials. The idea is that you want to give out, say, "good credit
risk" credentials, but you want them to be anonymous. The holder can
transfer them from one pseudonym to another, receiving a credential
for pseudonym A and showing it for pseudonym B, without allowing third
parties to link the pseudonyms.
Cash systems are closely related to credential systems and are also
covered by Brands' work. His systems are very pretty mathematically
and concise as well.
A secret key certificate appears to be conceptually similar to a blind
signature (aka blind certificate). It seems possible that the distinction
is motivated by patent issues as much as by technological ones.
Hopefully these points will offer some guidance; without access to the
dissertation it is hard to be more specific.
