[4281] in cryptography@c2.net mail archive
Re: Crypto for some of the DNS/TM mess
daemon@ATHENA.MIT.EDU (Adam Back)
Fri Mar 5 19:42:11 1999
Date: Fri, 5 Mar 1999 23:06:08 GMT
From: Adam Back <aba@dcs.ex.ac.uk>
To: nobody@replay.com
Cc: cryptography@c2.net
In-reply-to: <199903050125.CAA07419@replay.com> (message from Anonymous on
Fri, 5 Mar 1999 02:25:16 +0100)
Anonymous writes:
> Adam Back writes:
> > The basic problem is that chaumian credentials are transferable.
>
> That's a good thing about Anna Lysyanskaya's credential system.
> [...] to let someone else use one of your [...] credentials, you
> have to give them your master private key. This gives them access
> to _all_ your nyms and credentials. They could drain your bank
> account, commit you to harmful contracts, and do similar mischief.
A couple of comments:
- you are correct that this hinders _technical_ transferal of the
Anna's type of proposed credential, however:
- it may be possible to use Matt Blaze's proxy crypto construct to
provide a proxy signing key for the credential if a public proxy
function can be found corresponding to the signature algorithm used.
This would allow signatures to be made without requiring disclosure of
the private key. (Disclaimer: a) I haven't looked at the function
used, b) I don't think anyone has successfully constructed _any_
public proxy functions for any cryptosystems yet)
- you can manually proxy sign data even without proxy crypto -- just
perfectly anonymously sign domain registration documents for £5 each.
The perfect "crime" (and victimless too). I'll borrow a few dozen
non-net friends credentials :-)
> One of the attractions of the DNS idea is that it might be a "foot in
> the door" for a credential system like this. You could take your DNS
> registry information and use it in blinded form for other situations.
I quite agree that chaumian credentials would be very nice for many
applications. However I don't consider why a fuzzily defined "crime"
like buying over some threshold of domain names as a good application.
A better solution to this problem would be an alternate business
directory, more X.500 (ugh) like in the information it allows to be
stored allowing companies to be located by more criteria than simple
company name. eg. country, approx size of company, area of trade,
etc.
> [nice chaumian credential applications]
Adam
