[4267] in cryptography@c2.net mail archive
Re: Crypto for some of the DNS/TM mess
daemon@ATHENA.MIT.EDU (Anonymous)
Wed Mar 3 15:56:35 1999
Date: Wed, 3 Mar 1999 20:04:09 +0100
From: Anonymous <nobody@replay.com>
In-Reply-To: <Pine.GSO.3.96.990302220321.23032B-100000@boxster>
To: cryptography@c2.net
> > The setting in the physical world:
> > ---------------------------------
> > 1. There is a trusted center that is able to verify the physical identity
> > of whoever approaches it. The first time an individual approaches the
> > system, the cost of this might be high (however I don't see how to avoid
>
>
> My heart sank. Trouble cases are a very very small fraction of total
> registrations. Everyone seems to agree that a solution that imposes high
> front=end cost is a non-starter.
Don't throw out the baby with the bathwater. The system should be able to
be modified along the lines suggested in a posting to coderpunks (did you
see that one?). Don't do validation at the time the initial credential
is issued. Instead, do the validation at the time of the challenge.
Someone has to do the validation - it has to be a human being. That person
is going to make a phone call, or visit an address, or send a message, or
do something to see whether the contact information is correct. Call
the person who does this the arbiter - he is not an owner of any of the
databases involved.
The pseudonymous registrant of the DN tells the arbiter which entry in
the contact database is him. He uses the credential system to prove
the necessary relations. The arbiter then does whatever checks are
necessary to verify that the contact information is valid, and reports
the results.
This approach back-loads the contact costs but still works within the
framework of a credential system.
Satisfying requirement 3, letting people see which DNs are owned by
the same person, can be easily satisfied in the context of a credential
scheme as well. Each user has just one nym for all the DNs. Then any
owner has only one credential in that domain, and he uses it for all
his DN registrations.
The high-efficiency credential system in the Lysyanskaya paper may
not be the best choice for this system. It is a one-use credential,
while we would want a multiple-use credential so that multiple DNs can
be owned by the same nym. The new feature of the Lysyanskaya system
is that people are discouraged from sharing credentials (sharing one
of your credentials shares all of them). That is useful if there is
an infrastructure for using nyms and credentials throughout society.
But as discussed earlier, a cheater doesn't need to share credentials
in this application; he can simply collude with others to have them
register DNs in their own name, to the same effect.
