[anonsec] Re: potential new IETF WG on anonymous IPSec (fwd from hal at finney.org) (fwd from touch at ISI.EDU)
Anne & Lynn Wheeler
lynn at garlic.com
Mon Sep 13 15:16:17 EDT 2004
At 11:43 AM 9/11/2004, Peter Gutmann wrote:
>So in other words it's the same baby-duck security model that's been quite
>successfully used by SSH for about a decade, is also used in some SSL
>implementations that don't just blindly trust anything with a certificate
>(particularly popular with STARTTLS-enabled MTAs/MUAs where you don't want to
>bother with CA-issued certs), and is even used in various X.509 applications
>(via "certificate fingerprints"), although the X.509 folks don't like to admit
>that because it implies that a known-good cert fingerprint is more reliable
>than a CA :-).
i've referred to it as identity agnostic ... as opposed to anonymous ...
even with public key use. the scenario is that the original identity
x.509 certificates created huge privacy issues.
the the current credit card scenario, it carries a name ... in theory
so that the merchant or point-of-sale can cross-check the name against
additional forms of identification .... as a means of authentication (where
the merchant is sort of a stand-in agent for the consumer's financial
institution .... even tho the merchant and the consumer's financial
institution may have significantly different and possibly opposing
interests). in effect it is transforming something that should be purely an
authentication operation (is the entity entitled to perform a transaction
for the account) into a much more difficult (and privacy invasive)
identification operation.
the x9.59 scenario .... is that the transaction is simply authenticated
with a digital signature that the merchant passes thru to the consumer's
financial institution. the consumer financial institution verifies the
digital signature with public key on file for that account. the
verification of the digital signature implies some form of "something you
have" authentication (implies that you uniquely have the corresponding
private key).
it becomes a straight-forward authentication operation and identity
agnostic ... w/o the horrible identity and privacy invasive that can
accompany a x.509 identity certificate.
while it may be possible for various agents to associated the
authentication operation .... the operations themselves, at least don't
carry the possibly mandatory identity information & privacy invasive
information that can be found in identity x.509 certificates.
--
Anne & Lynn Wheeler http://www.garlic.com/~lynn/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list