[anonsec] Re: potential new IETF WG on anonymous IPSec (fwd from hal at finney.org) (fwd from touch at ISI.EDU)

Anne & Lynn Wheeler lynn at garlic.com
Mon Sep 13 15:16:17 EDT 2004 

At 11:43 AM 9/11/2004, Peter Gutmann wrote:
>So in other words it's the same baby-duck security model that's been quite
>successfully used by SSH for about a decade, is also used in some SSL
>implementations that don't just blindly trust anything with a certificate
>(particularly popular with STARTTLS-enabled MTAs/MUAs where you don't want to
>bother with CA-issued certs), and is even used in various X.509 applications
>(via "certificate fingerprints"), although the X.509 folks don't like to admit
>that because it implies that a known-good cert fingerprint is more reliable
>than a CA :-).


i've referred to it as identity agnostic ... as opposed to anonymous ... 
even with public key use. the scenario is that the original identity 
x.509  certificates created huge privacy issues.

the the current credit card scenario, it carries a name ... in theory 
so  that the merchant or point-of-sale can cross-check the name against 
additional forms of identification .... as a means of authentication (where 
the merchant is sort of a stand-in agent for the consumer's financial 
institution .... even tho the merchant and the consumer's financial 
institution may have significantly different and possibly opposing 
interests). in effect it is transforming something that should be purely an 
authentication operation (is the entity entitled to perform a transaction 
for the account) into a much more difficult (and privacy invasive) 
identification operation.

the x9.59 scenario .... is that the transaction is simply authenticated 
with a digital signature that the merchant passes thru to the consumer's 
financial institution. the consumer financial institution verifies the 
digital signature with public key on file for that account.  the 
verification of the digital signature implies some form of "something you 
have" authentication (implies that you uniquely have the corresponding 
private key).

it becomes a straight-forward authentication operation and identity 
agnostic ... w/o the horrible identity and privacy invasive that can 
accompany a x.509 identity certificate.

while it may be possible for various agents to associated the 
authentication operation .... the operations themselves, at least don't 
carry the possibly mandatory identity information & privacy invasive 
information that can be found in identity x.509 certificates.

--
Anne & Lynn Wheeler    http://www.garlic.com/~lynn/ 

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list