[Moderator's note: this is getting a bit off topic, and I'd prefer to
limit followups. --Perry]

On Wed, 2009-08-19 at 06:23 +1000, James A. Donald wrote:
> Ray Dillinger wrote:

> > If there is not an existing relationship (first time someone 
> > uses an e-tailer) then there has to be a key depository that 
> > both can authenticate to, with a token authorizing their 
> > authentication to authenticate them to the other, which then 
> > vouches to each for the identity of the other.  
> Actually not.
> What the seller wants to know is that the buyer's money is good, not 
> what the true name of the buyer is - a service provided by Visa, or 
> Web-money, or some such.

No.  This juvenile fantasy is complete and utter nonsense, and 
I've heard people repeating it to each other far too often.  If 
you repeat it to each other too often you run the risk of starting
to believe it, and it will only get you in trouble.  This is a 
world that has not just cryptographic protocols but also laws 
and rules and a society into which those protocols must fit.  That 
stuff doesn't all go away just because some fantasy-world 
conception of the future of commerce as unlinkable anonymous
transactions says it should.  

In any transaction involving physical goods, the seller also wants 
to know to whom to ship the product.  Since the laws in most nations 
do not require the recipient of an erroneous shipment to return 
the goods and *do* require the seller to give back the buyer's money
if the shipment doesn't go where the buyer wants it, sellers really 
care that the correct recipient will receive the package and really 
need some way to contact the buyer in case there's a mistake about 
the recipient address or identity.  Otherwise you'd get people 
playing silly buggers with the shipping address to get out of paying 
for million-dollar equipment.

The law usually requires that the recipient of defective goods 
or services has the ability to return those goods for a refund 
or obtain a refund in the event of seller nonperformance of 
services or nonshipment of goods.  Since such returns can be 
used to launder money from illegal enterprises, laws usually 
restrict anonymous returns. Therefore the seller needs the 
buyer's (or client's) identity in order to comply with the law.

In information-based transactions involving IP that's subject 
to copyright or trade secret protection (which is effectively 
all of them since other IP can be had for free) the seller also 
wants to know who is the licensee that's bound by the terms 
of the license and who now poses a "risk" of copyright breakage.  
In both cases this is a liability taken on by the buyer, and 
not something that his "money being good" for just the 
transaction price can ameliorate.

In financial transactions The seller also wants to know that s/he 
can comply with, eg, "know your customer" laws and avoid liability
for gross negligence in, eg, money laundering cases.  

In many transactions the seller wants the buyer's identity and a 
liability waiver signed by the buyer so as to keep track of or 
avoid liability for what the customer is going to do with his/her

Most sellers want the ability to offer the buyer credit terms,
especially when large sums are involved.  And even where money 
is supposedly firm (like the money Bernie Madoff's clients had 
in their accounts) it is subject to catastrophic vanishment in
extraordinary circumstances.  The seller needs to know whom to 
sue or at least whose name to put on the forms for their insurance 
claim if contrary to expectations the buyer's money turns out not 
to be good.

If the cert authority does not provide the identity of the buyer 
but asserts that the buyer's money is good, and this turns out not 
to be true (as in the case of Madoff's clients), then in most 
legal systems the cert authority is either liable, or can expect 
to be sued in a very expensive empirical test of liability.  So 
the cert authority doesn't want to be in the business of vouching 
for the ability of anonymous people to pay.  

The only way for the money to be truly firm for these purposes 
is that the cert authority has it in escrow.  This makes the 
cert authority a financial institution and therefore subject to 
"know your customer" mandatory reporting, data retention laws,
subpeonas, and so on.  Also, it introduces a needless delay 
and complication to the transaction that legitimate buyers and 
sellers would mostly rather not have. 

Also, in any large transaction the seller or cert authority or both 
must retain buyer identity information in order to be able to 
comply with subpeonas, inquests, or equivalent writs, for 
periods ranging from zero in a few undeveloped african nations to 
five years in much of the rest of the world. 

In most of the nations on earth, there is such a thing as sales 
tax or use tax on goods or services, and any transaction involving
more than a tiny sum must be reported (with the names of buyer and
seller) to relevant tax authorities.  Even tiny transactions must be 
reported in aggregate, although these usually don't require the 
buyers' names. Since the seller has the legal obligation to report, 
s/he also has the legal obligation to collect identity information 
from his/her clients.

Most nations are very sensitive about cross-border money flows,
have tax laws that apply specifically to international transactions, 
and want to know such things as the buyer and seller identity.  
In this case it is the legal obligation of both buyer and seller
in international transactions to collect whatever information 
their particular nation requires them to have and report it 
according to their particular nation's laws.

And so on.

Maybe in a cypherpunk world where there are no laws other than the 
natural laws of mathematics, no physical world in which goods have 
to be manufactured and delivered, no national borders or third 
parties having a tax or legal interest in transactions, no information 
other than valuable secrets subject to no post-sale copyrights or 
licensing, no liability laws or customers-rights laws whatsoever, no 
taxation, and a bunch of other bizarro-world conditions, the seller 
would not need anything more than the knowledge that the buyer's 
money was good.  

But that's like proving that a pig can fly starting from an assumption 
of an ideal, spherical pig of zero mass.  It is not the world in which 
we live, unless we are black-marketeers in international waters, not 
subject to the laws of any nation.

If you make it "optional" - where people can request a true name etc 
when they need it to comply with law, but don't have to request it 
otherwise - you will find that the number of sellers willing to do 
business with anonymous buyers, and the number of transactions in 
which they legally can do business with anonymous buyers, starts low 
and then drops rapidly as legal troubles and scams of various kinds,  
as well as new laws designed to prevent those troubles and scams, 
catch up to the sellers.

Anyway, nothing's preventing you from building your "unlinkable" cert
system to compete with other forms of commerce.  But in the presence 
of any other system whatsoever, I expect almost no one to use it and
predict that using it or running services that allow people to use 
it will rapidly become illegal in all developed nations.

> Again, you are trying to inject a certificate authority into the middle 
> of a relationship where it is just not very useful.  

Perhaps there are other ways to achieve all of the requirements for a
system that people can use while complying with applicable laws.  I
cannot think of a simpler or more useful one.

> Ebay does not care 
> about true names.

Aside from being irrelevant because ebay does not function as a 
buyer or seller, and only minimally as a cert authority in 
their client's auctions (in particular they do NOT vouch for 
anyone's ability to pay), this is blatantly false.  Ebay cares 
about true names, and linkable information such as bank account
numbers.  Without them it won't let you use its payment system. 
Also, try funding an ebay seller's account using just cash somehow 
and tell me how it goes.  It used to be possible but it's been 
several years since the law bounced on ebay for allowing that and
commanded them to collect true name information from all sellers.

Also remember ebay has to collect its fee from somebody and until 
the auction's conclusion doesn't know how large that fee is going 
to be.  They insist on knowing who that somebody is.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to