On Wed, 21 Aug 2002 10:10:33 -0500 Anonymous <[EMAIL PROTECTED]> wrote:
> Some credential issuing schemes, such as those from Brands as well as from > Camenisch & Lysyanskaya, try to avoid credential sharing by embedding > into the credential some secret which is important and valuable to the > credential holder. Then if the credential is shared, the recipient > learns the important secret, to the detriment of the person sharing > the credential. So he won't do it. > > The problem is that there don't seem to be any secrets that will work > well in discouraging sharing. The most obvious is a credit card number, > but this has a number of problems: some people don't have credit cards; > people could cancel their credit cards after receiving the credentia; > and underground hackers have access to thousands of stolen credit card > numbers that they don't mind sharing. > Leaving aside the irony aspects of the original post... The actual problem is of a more practical nature: how can you asses that something is truly valuable to a person and do it in mass production? Diogenes the cynic would not depend on anything but himself. Descartes started by not trusting even his own, himself... A kamikaze will spare his own life for the Emperor. Now again, how can anybody define what is valuable to a given person without thoroughly knowing him/her in depth? And how do you ever know you know someone at all? > Clearly we need a new approach. Here is a suggestion for a simple > solution which will give everyone an important secret that they will > avoid sharing. > > At birth each person will be issued a secret key. This will be called > his Mojo. He will also get the associated public key which will assist > in protocols which involve commiting to his Mojo. The public key can > be revealed but the Mojo should be kept secret at all costs. > Then again, there are abundant examples of fathers giving out their childs for whatever they thought was "common good" or even their own personal interests. Actually, under a more prosaic (like starvation) pressure, the most common human strategy is to give precedent access to food to the parent that does bring the food in. That's only sensible: feeding your kids in preference will starve the producer parent and reduce likelyhood of getting more food in, therefore it is better to have your own kids hungry than to kill the whole family. > Then in a credential issuing protocol, the user embeds his Mojo into > his credential in a provable way. It is important that the protocol > not reveal the Mojo to the issuer, but rather that some kind of zero > knowledge proof be used so that the issuer is confident that sharing > the credential will reveal the Mojo. > And then you have the Mojo of a newborn stealing the Federal Reserve. Or the Mojo of some fanatic who doesn't care. Or that of an outcast who doesn't live by the stablishmen's rules anyway. Or that of a fugitive no one knows where is. Or a fake Mojo issued by a corrupt Mojo issuer in the Federal Mojo Issuing Agency. Or a fake Mojo of an spy. Or that of a dead person whose death has not been reported. Or that of a missing person from your petty dictatorship. Or the Mojo of a newborn stolen/faken by the Doctor at delivery... > Now all that is needed is a simple change to the law so that knowing > someone's Mojo makes him your slave. > Ditto, what use is it having a slave you can't locate, or death ten years ago, or even worst, a kamikaze suiciding against you? Technology is done by human beings -limited as any peer- and thus is limited by its conceiver's limitations. Either you give technologues God-like status and trust (and God save you then) or you can't trust it anymore you would trust the person him/herself. This is the actual message that needs to be conveyed to everyone: there is no technology that will make your life safe. In the end you always have to deal somehow with the Real World yourself. Anyone selling you that a given technology can give you full security on anything at all is actually selling snake oil. The only secure thing in Life is Death. j -- These opinions are mine and only mine. Hey man, I saw them first! Josi R. Valverde De nada sirve la Inteligencia Artificial cuando falta la Natural