Mary is Mary (fwd)

Rohit Khare (khare@w3.org)
Fri, 20 Jun 1997 15:01:41 -0400 (EDT)


Forwarded message:
X-Authentication-Warning: blacklodge.c2.net: majordom set sender to owner-spki@c2.org using -f
Message-Id: <3.0.2.32.19970620134206.036b9af0@cybercash.com>
X-Sender: cme@cybercash.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 3.0.2 b4 (32)
Date: Fri, 20 Jun 1997 13:42:06 -0400
To: "E. Gerck" <egerck@laser.cps.softex.br>
From: Carl Ellison <cme@cybercash.com>
Subject: Mary is Mary
Cc: "Brian M. Thomas" <bt0008@entropy.sbc.com>, spki@c2.net,
Stefan.Hoeben@esat.kuleuven.ac.be
In-Reply-To: <Pine.LNX.3.95.970522173107.12212G-100000@laser.cps.softex.
br>
References: <199705221605.LAA05763@entropy.sbc.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Sender: owner-spki@c2.net
Precedence: bulk

-----BEGIN PGP SIGNED MESSAGE-----

At 06:54 PM 5/22/97 -0300, E. Gerck wrote:
>However, if Mary also co-signs the certificate that still proves nothing
>because the verifier has no way of knowing that Mary *is* Mary -- say, by
>independent channels of information and must only trust Jon, again.

Knowing "Mary *is* Mary" harks back to the way humans lived all our lives,
until a few years ago when the Internet went popular. That is, we lived in
small closed communities where names meant something. We no longer do. The
mapping between the text string "Mary Smith" and some 3D world person is not
commonly known to everyone who might be involved in some transaction.
Therefore, the notion that "Mary is Mary" has no definite meaning -- not like
it had in the days when you were born, lived and died in a small community
where everyone knew everyone else and all names in that community were
unique and unchanging to a very high probability.

The X.500 attempt to make a global name directory and the commercial CA
attempt to bind such names to physical people are attempts, in a way, to
address this new reality. However, they are IMHO misguided. The issue is
that contacts between physical people are for many purposes never involved
so the mapping to them (or from them or, worse, through them) is irrelevant
at best and a design flaw at worst in a system design which supports the
cyberspace contact and transactions between people. A global name space is
so large that it's no longer even useful for knowing with certainty that you
have the mapping to a person you really have met in the 3D world. That's
why SDSI dropped the global name space as a dead idea.

- Carl

-----BEGIN PGP SIGNATURE-----
Version: 5.0
Charset: noconv

iQCVAwUBM6rA7VQXJENzYr45AQGSeQQAjbk1816jNnOAt/MHv7Rjb4zwEf+h2Vf8
tLxk8sSEJS3Dc+UauwA97nxiq7a8SuyagsGQweGIRU5Zo6O9eh7KrQ1q3rq0zG3T
EJcGiZNjtL+iO0k62kr+jILGGlc2ifgk+l1EcNBuRZzOGuzwYRDzC+JQ+SyrFABI
1quCQfn9JWg=
=girb
-----END PGP SIGNATURE-----

+------------------------------------------------------------------+
|Carl M. Ellison cme@cybercash.com http://www.clark.net/pub/cme |
|CyberCash, Inc. http://www.cybercash.com/ |
|207 Grindall Street PGP 2.6.2: 61E2DE7FCB9D7984E9C8048BA63221A2 |
|Baltimore MD 21230-4103 T:(410) 727-4288 F:(410)727-4293 |
+------------------------------------------------------------------+