"$MTP" and Extra Added Crypto(TM) (was Re: Throw away the
Internet and start over?)
R. A. Hettinga
rah at shipwright.com
Wed Apr 23 15:33:27 PDT 2003
At 1:38 PM -0400 4/23/03, Eric S. Johansson wrote:
>>>associate a sender with an authenticated identity in current mail
>>>you can persuade everyone to adopt S/MIME or PGP/GPG.
>> Yes. That's exactly the idea.
>just a brief note because I don't have the time to fully go to this in detail.
>Associating a sender within authenticated identity is a really bad idea.
Woops. Getting dotty in my upper middle age...
That's what I get for not paying attention.
Eric's absolutely right. There is no need, whatsoever, for "authenticated identity", whatever that is.
All you need is a key. Period. Unassociated with nothing except the mail/money that's being sent. Among other things, that kind of thing is implicit in various bearer-transaction financial cryptography protocols.
Certification hierarchies are neither, and the ultimate CRL is to ping the signer in real-time.
Etc, Etc., yaddayaddayadda...
Who thinks that "identity" is a mystical concept, and, as such, is not worthy of much serious thought.
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
More information about the FoRK