Do we need X.500's unique names on the Internet? Or, unambiguous X.509 names? No. And, surprisingly, the solution may solve another historical flaw in public-carrier communications.

No one needs a unique name over the Internet, nor a unique e-mail address, nor even an unambiguous name in order to be uniquely identified. Neither globally nor locally. Everyone can use their own common names if they so wish, or any pseudonym they desire. This note shows that this is not an issue for security -- while a recurring subject, an Internet myth.

The solution depends on two well-established developments: logical semantics and public-key crypto.

Logical semantics, not very well-known, was pioneered by Frege and recognizes that a common name has two quite independent components: reference and sense, where the name's reference is its syntactic value and the name's sense is its semantic value. In other words, a name is viewed as a logical proposition with two independent attributes, the name's sense representing the name's truth conditions and the name's reference representing the name's truth values.

Thus, as fully described in the paper http://www.mcg.org.br/trustdef.htm/#A.4.3, the semantic theory advanced by Frege shows that an unlimited number of entities can share the same reference (i.e., the same syntactic expression, such as "John Smith") and yet each one can be uniquely identified by their sense (i.e., each referent can be uniquely reached if and only if each referent has a unique sense).

The question is, how to convey the different senses? To show how that is possible one needs two results, first:

- the paper proves that certificates can fully carry references, but not sense -- not even partially and however minute. While this provides an irrefutable mathematical reason for the total uselessness of certificates to convey sense, it also shows that certificates can wholly contain the name's reference -- securely and as detailed as needed.
- the paper proves further that the link between the wholly-transported reference and sense is provided by "proper trust", an essential mathematical property in communication systems (as defined in the main section of the paper).

Thus, in the same way that happens today but has not been mathematically proved before, even though intuitively felt by many, a certificate is only meaningful (i.e., has meaning or, sense) when there is some degree of trust associated with its signature and, each one of the certificate's data is meaningful inasmuch as it is atomically trusted to some extent. Which points out the key role played by trust in certification, in spite of the rhetoric being usually centered on the syntactic aspects of its encoding, cryptography and name schemes.

So, an entity's name can be ambiguous as long as the sense is not ambiguous. References are securely transported by cryptographic certificates and the link between sense and reference is provided by "proper trust". However, how can that be deemed useful now, when contacting different referents that have the same reference? This question leads to the essential role played by crypto, which is not only a basis for certification but is also needed to provide for encryption/decryption.

The final step is simple. Clearly, one hundred people could share exactly the same name and e-mail address and yet each could receive and send unique and private messages by using different crypto keys -- which have been uniquely assigned in the first step. Now, even though common names are just references, they are however good hooks for those keys. But if you go to the wrong hook by mistake or because of name overloading ... no problem, the key will differ.

Thus, contrary to widespread belief, there is no reason to demand unique names or addresses in order to afford Internet security. The world can continue to use its historical practices.
Clearly, if something or someone has a globally unique name then, that is advantageous just like a globally trademarked name is useful -- by providing zero collisions. But, as above, any number of collisions can be handled by proper cryptography and proper trust.

Clearly, this presents also a side benefit of enforcing by protocol at least some minimum form of point to point cryptographic certification and encryption in day to day communications -- which would tend to make it essential and thus to be accepted by law and granted worldwide as everyone's basic right to be identifiable, since there is no other technical solution (the paper proves in other sections that biometrics and even bio-implants cannot provide a solution either). To the effect that privacy and security can come as a bonus from the technology, allowing communication engineering to correct telephony's mistake of providing easy access to security and privacy breaches. Which solves the historical flaw in public-carrier communications: they are also content-public, with eavesdropping built-in.

There are other benefits to this approach, not the least being the "household effect" -- where crypto can become a household word and thus deserving to be widely accepted without the psychological blocks that derive from its historical use by criminals, spies, and other despicable abuses.

As an example of technology's reach by the household effect, not long ago possession of a simple radio receiver had to be registered with proper authorities in some countries and possession of even weak radio transmitters demanded a license -- possession of a transmitter was viewed with suspicion, criminalized. But with transistors it became evident that any $5.00 could allow one to make either a receiver or a transmitter, which led the way to its present better and un-criminal status. The same can happen with crypto, as it can cost less than $5.00 and can be as essential to day to day life.
It depends on the technical community to show that to the general public, communication companies, e-businesses, and governments. Crypto is in everyone's best interest and, when linked with "proper trust", can completely solve the current name and address ambiguity that plagues the Internet and e-business, while providing both an irrefutable reason and a good argument to restore privacy to one's private communications.

To those that may argue that "proper trust" is not so easy to grasp and is a weak point, it is easy to point out that this is not a feature of the method, but a feature of sense. Sense cannot be transported in certificates, even if the certificate includes a thousand references and even if you have a thousand certificates, all from different issuers.

The paper provides a full mathematically rigorous discussion of why the referential theory of meaning fails, as initially proved by Frege, and why certificates can just transport references, never sense. Thus, certificates have no meaning per se -- even with so-called unique names, notwithstanding the names being local or global.

Comments welcome.

Cheers,

Ed

______________________________________________________________________
Dr.rer.nat. E. Gerck [EMAIL PROTECTED]
http://novaware.cps.softex.br
--- Meta-Certificate Group member, http://www.mcg.org.br ---
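
The "final step" described in the note above, as an added example that is not part of the original message or the paper: one hundred holders of the same name and e-mail address, where the sender's already-trusted key fingerprint (standing in here for "proper trust") selects the key and only that holder can open the message. The group parameters, the sealing scheme, the directory layout and the address jsmith@example.org are assumptions made for illustration, not a vetted production design.

```python
import hashlib, hmac, secrets

# Demo-sized Diffie-Hellman group (assumption, chosen for brevity; not a vetted group).
P, G = 2**255 - 19, 2

def keygen():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def fingerprint(pub):
    # Short digest of the public key: the value a sender must already trust.
    return hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()[:16]

def _derive(shared, label):
    return hashlib.sha256(label + shared.to_bytes(32, "big")).digest()

def _xor_stream(key, data):
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(recipient_pub, msg):
    # Ephemeral DH against the recipient's key, then encrypt-then-MAC.
    eph_priv, eph_pub = keygen()
    shared = pow(recipient_pub, eph_priv, P)
    ct = _xor_stream(_derive(shared, b"enc"), msg)
    tag = hmac.new(_derive(shared, b"mac"), ct, hashlib.sha256).digest()
    return eph_pub, ct, tag

def open_sealed(priv, sealed):
    eph_pub, ct, tag = sealed
    shared = pow(eph_pub, priv, P)
    expected = hmac.new(_derive(shared, b"mac"), ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # a namesake's key: the message stays closed
    return _xor_stream(_derive(shared, b"enc"), ct)

# Constructed sample data: 100 holders of the same name and address.
NAME = ("John Smith", "jsmith@example.org")
HOLDERS = [keygen() for _ in range(100)]
DIRECTORY = {NAME: {fingerprint(pub): pub for _, pub in HOLDERS}}

def send(name, trusted_fp, msg):
    # The name only locates the candidates; the trusted fingerprint picks the key.
    return seal(DIRECTORY[name][trusted_fp], msg)

def who_can_read(sealed):
    # Indices of the holders whose private key opens the sealed message.
    return [i for i, (priv, _) in enumerate(HOLDERS)
            if open_sealed(priv, sealed) is not None]
```

The shared name never enters the cryptography: it is only the lookup key for the candidate set, so a collision on the name costs nothing as long as the fingerprint the sender trusts is the right one.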
