anonymity +- credentials
bear
bear at sonic.net
Fri Oct 3 18:05:47 EDT 2003
On Fri, 3 Oct 2003, John S. Denker wrote:
>We need a practical system for anonymous/pseudonymous
>credentials. Can somebody tell us, what's the state of
>the art? What's currently deployed? What's on the
>drawing boards?
The state of the art, AFAIK, is Chaum's credential system.
One important thing to remember about any pseudonymous credentials is
that they can't possibly say anything bad about the holder more
important than what they say that's good. If it isn't better to have
them than not have them, the holder will just abandon them.
This applies most strongly to pseudonymous credentials, because
pseudonymous systems are typically a lot easier to create a new
credential with and the cost of credential abandonment is lower. But
this doesn't just apply to pseudonymous credentials. People treat
even the "absolute identity" credentials exactly the same way, when
"is-a-citizen" and "is-a-person" and other fundamentals are no longer
more important than "is subject to involuntary military service" or
"is wanted by the FBI" or "Convicted an abortion clinic bomber" or
"Testified against the Mafia" or "Was one of the protesters at
Tiannanmen Square."
Basically, when your credential gives people (enemies of the state or
servants of the state, makes no difference) a reason to want to kill
you, or otherwise do you harm, you have to analyze keeping that
credential in terms of risks and benefits. Pseudonymity brings this
aspect of identity credentials to the fore, but it doesn't begin and
end with pseudonymity.
Bear
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list