On Wed, 21 Aug 2002 10:10:33 -0500
Anonymous <[EMAIL PROTECTED]> wrote:
> Some credential issuing schemes, such as those from Brands as well as from
> Camenisch & Lysyanskaya, try to avoid credential sharing by embedding
> into the credential some secret which is important and valuable to the
> credential holder. Then if the credential is shared, the recipient
> learns the important secret, to the detriment of the person sharing
> the credential. So he won't do it.
>
> The problem is that there don't seem to be any secrets that will work
> well in discouraging sharing. The most obvious is a credit card number,
> but this has a number of problems: some people don't have credit cards;
> people could cancel their credit cards after receiving the credentia;
> and underground hackers have access to thousands of stolen credit card
> numbers that they don't mind sharing.
>
Leaving aside the irony aspects of the original post...
The actual problem is of a more practical nature: how can you asses that
something is truly valuable to a person and do it in mass production?
Diogenes the cynic would not depend on anything but himself. Descartes
started by not trusting even his own, himself... A kamikaze will spare
his own life for the Emperor. Now again, how can anybody define what is
valuable to a given person without thoroughly knowing him/her in depth?
And how do you ever know you know someone at all?
> Clearly we need a new approach. Here is a suggestion for a simple
> solution which will give everyone an important secret that they will
> avoid sharing.
>
> At birth each person will be issued a secret key. This will be called
> his Mojo. He will also get the associated public key which will assist
> in protocols which involve commiting to his Mojo. The public key can
> be revealed but the Mojo should be kept secret at all costs.
>
Then again, there are abundant examples of fathers giving out their
childs for whatever they thought was "common good" or even their
own personal interests.
Actually, under a more prosaic (like starvation) pressure, the most common
human strategy is to give precedent access to food to the parent that does
bring the food in. That's only sensible: feeding your kids in preference will
starve the producer parent and reduce likelyhood of getting more food in,
therefore it is better to have your own kids hungry than to kill the whole
family.
> Then in a credential issuing protocol, the user embeds his Mojo into
> his credential in a provable way. It is important that the protocol
> not reveal the Mojo to the issuer, but rather that some kind of zero
> knowledge proof be used so that the issuer is confident that sharing
> the credential will reveal the Mojo.
>
And then you have the Mojo of a newborn stealing the Federal Reserve.
Or the Mojo of some fanatic who doesn't care. Or that of an outcast
who doesn't live by the stablishmen's rules anyway. Or that of a
fugitive no one knows where is. Or a fake Mojo issued by a corrupt
Mojo issuer in the Federal Mojo Issuing Agency. Or a fake Mojo of
an spy. Or that of a dead person whose death has not been reported.
Or that of a missing person from your petty dictatorship. Or the Mojo
of a newborn stolen/faken by the Doctor at delivery...
> Now all that is needed is a simple change to the law so that knowing
> someone's Mojo makes him your slave.
>
Ditto, what use is it having a slave you can't locate, or death ten
years ago, or even worst, a kamikaze suiciding against you? Technology is
done by human beings -limited as any peer- and thus is limited by its
conceiver's limitations. Either you give technologues God-like status
and trust (and God save you then) or you can't trust it anymore you
would trust the person him/herself.
This is the actual message that needs to be conveyed to everyone: there
is no technology that will make your life safe. In the end you always
have to deal somehow with the Real World yourself. Anyone selling you
that a given technology can give you full security on anything at all is
actually selling snake oil.
The only secure thing in Life is Death.
j
--
These opinions are mine and only mine. Hey man, I saw them first!
Josi R. Valverde
De nada sirve la Inteligencia Artificial cuando falta la Natural
