continuity of identity

[Anne & Lynn Wheeler]

Trevor Perrin wrote:
> One pragmatic issue is that it would be nice if you could form
> "continuity of identity" bindings to existing 3rd-party-managed
> identities as well as self-managed identities.  If the client records an
> identity as something like (CA cert, domain name), then this identity
> would remain stable across end-entity key and cert changes regardless of
> whether the CA cert is self-managed or belongs to Verisign.  Tyler
> Close's Petname Toolbar [4] is an excellent implementation of this concept.

note this verges on my theme of confusing authentication and
identificaton. one of my examples is the opening of an off-shore
anonymous bank account and providing some material for use in
authentication ... say tearing a dollar bill in half and leaving
one-half on file ... to be matched with the other half in the future.

registration of public key can provide continuity of authentication ...
that the current entity is the same as the original entity ... and any
issue of identity is orthogonal ... aka the registration of public key
for authentication of continuity is orthogonal to the issue of whether
there is any associated identification information.

this is somewhat one of the holes that x.509 identity digital
certificates dug for themselves ... effectively starting out with the
premise that the most trivial of authentication operations were mandated
to be turned into heavy weight identification operation.

of course it is possibly one of those established nomenclature
convention things ... that the popular convention now has references to
identity and identification so terribly confused with even trivial
authentication operations ... that it may be impossible to unwind the
damage done.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com