Julian Morrison wrote:
 
> a) If you do business with unidentified people, you can be dragged into
> their crimes, you can be swindled, and you can help crime in general
> prosper.

Strictly speaking the problem is not that they are unidentified.  It is
that they are criminals.  Identification may filter out some of the
criminals but it does not filter out all of them and it interferes
with some perfectly legitimate business.  
 
> b) If you force identity and audit trail of all people, you leave people
> no way to bypass pseudocrimes such as being unwilling to be bled white
> by elected thieves. Plus you have to raise your prices to cover the
> workload of playing detective over every transaction.

Right.
  
> The main problem with (a) assuming you're smart enough not to buy into a
> scam is that of unidirectional anonymity. They know and can tell that
> they dealt with you; you don't know them from Adam.

I don't see why unidirectional anonymity *per se* is a problem.  Unless
you mean it allows the innocent, identified party to be scapegoated for
the crimes of the unknown.  ???  

> So the solution
> focusing on (a) is *bidirectional anonymity*. For example an automated
> MM system that matches "want to buy" against "want to sell" in such a
> way as to make an audit trail impossible.

That would be a good business.  But I don't see it as addressing the
crime problem.
 
> The problem with (b) comes in two parts: first, the state requiring you
> to prevent pseudocrimes, second the waste of time and effort. To the
> first part, the solution is validated pseudonymous reputation. To the
> second, an external service providing reputation services. You only deal
> through them, and so you can evaluate the trustworthiness of a mask
> without being required to inform on its wearer.

I think this is a good and promising idea.  But I am not sure it is a 
complete solution.  It would have to be tried and its consequences 
observed.

For this end I have in the past made the following suggestion to a few 
persons on this list.  Establish a functioning PGP path server and sell
access to its services.  [I lack the means, both financial and 
intellectual, to do this myself.]  MMs or whoever could use this tool in 
many ways of their own devising to verify nymous reputation. 

A path server is somewhat like existing key servers but finds and
provides 
endorsement paths between PGP keys.  There have been path servers in 
operation in the past 
     http://www.rubin.ch/pgp/pathserver
but they seem to have gone defunct.

People would generate PGP key pairs ("reputation keys").  [If they wish 
these might lack real names or e-mail addresses.]  People who know each
other 
personally might endorse each other's reputation keys with their own. 
It is
possible to verify possession of the private key of such a key pair
absolutely
and anonymously. 

Consider the following illustration (only one of many) of how this might
be 
used.  Every MM has a core of tested and trusted customers.  The MM
would
endorse their reputation keys with his/her own.  A potential customer
would 
give the MM the public part of his/her own repuation key and demonstrate 
possession of the private part thru a challenge-response.  The MM could 
then look it up on the path server and find how well connected it is
with 
his/her own.  The MM would use the results to evaluate the potential
anonymous customer using criteria of his/her own devising.  For example
I might decide that I will not deal with people who have endorsement 
chains (of people who have no been know to endorse crooks) longer 
than 3 or who do not have at least 2 independent chains of length
less than 5.

The idea behind this is that crooks are likely to know only more crooks 
and so they will be unlikely to secure endorsements from people close to
trusted reputation keys.  For this reason people who are found to have 
endorsed the keys of crooks would lose reputation.  Yet it only takes 
about 5 person-to-person steps to go between any two people on earth so
it should be possible to verify anyone's reputation by this method.

I find the potential in this very promising.  But how effective this 
method actually would be can only only be discovered by trying it.

Best,

CCS

---
You are currently subscribed to e-gold-list as: archive@jab.org
To unsubscribe send a blank email to [EMAIL PROTECTED]

Reply via email to