[4264] in cryptography@c2.net mail archive

Re: Crypto for some of the DNS/TM mess

daemon@ATHENA.MIT.EDU (Anonymous)
Wed Mar 3 14:53:20 1999

Date: Wed, 3 Mar 1999 20:21:56 +0100
From: Anonymous <nobody@replay.com>
To: cryptography@c2.net

Ben Laurie wrote:
> Anna Lysyanskaya wrote:
> [...]
> > Or we may insist that the CA gives out only one
> > credential of validity per user, and then anyone can determine which set
> > of domains belong to the same user.
> 
> Surely this is where it all falls apart? You can insist all you like,
> but how is a CA to achieve this, in practice? For example, I have at
> least 3 different "identities" I have legitimate claim to (i.e. at my
> home, another house I own and work) and that's without getting clever.
> And please, no US-centric answers. SSNs are out (as well as not working
> anyway).

In this regard, a fully identified system is no better than the
pseudonymous system.  In the current approach, your identity and other
contact information are in the whois database.  There is nothing to stop
you from using your three different "identities" and appearing to have
three different entries in the database.

In practice, the main concern seems to be with people who reserve
hundreds or thousands of domain names, hoping to make money out of
selling them.  See http://www.NetIncome.com/ as one example.  At least
one list member was surprised to find that his own surname had been
reserved in this manner.  It would be good at least to be aware of when
this is happening, with possibly some measures being taken to limit this
practice, as Anna proposed.

The ability to register a few identities which would survive a challenge
won't be too helpful for people who want to secretly register thousands
of DNs without their duplicity being detected...

