"$MTP" and Extra Added Crypto(TM) (was Re: Throw away the Internet and start over?)

R. A. Hettinga rah at shipwright.com
Wed Apr 23 15:33:27 PDT 2003


At 1:38 PM -0400 4/23/03, Eric S. Johansson wrote:
>>>associate a sender with an authenticated identity in current mail
>>>use, unless
>>>you can persuade everyone to adopt S/MIME or PGP/GPG.
>> 
>> 
>> Yes. That's exactly the idea.
>
>just a brief note because I don't have the time to fully go to this in detail.
>
>Associating a sender within authenticated identity is a really bad idea.

Woops. Getting dotty in my upper middle age...

That's what I get for not paying attention. 

Eric's absolutely right. There is no need, whatsoever, for "authenticated identity", whatever that is.

All you need is a key. Period. Unassociated with nothing except the mail/money that's being sent. Among other things, that kind of thing is implicit in various bearer-transaction financial cryptography protocols.


Certification hierarchies are neither, and the ultimate CRL is to ping the signer in real-time.

Etc, Etc., yaddayaddayadda...

Cheers,
RAH
Who thinks that "identity" is a mystical concept, and, as such, is not worthy of much serious thought.
-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'


More information about the FoRK mailing list