----- Original Message ----- From: "Peter Tomlinson" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, January 12, 2004 09:34 Subject: Re: [Muscle] White Card
>First, in the study that I worked on, govts are not seen as TTPs except for >each other - i.e. the idea is that you can (within the EC) take an ID card >from country A and go and live and/or work in country B and be identifiable >there with country A's ID card). An interesting idea with one HUGE stumbling block: The identity itself. In Sweden (who is ahead in this respect) we have a national ID. Such IDs are useful but have a problem: National IDs only make sense in the context of a national e-government. That is, a Norwegian "gastarbeiter" in Sweden using his/hers Norwegian ID would not be recognized even if this person has obtained a temporary (alien) national ID. Unless it is in the form of a certificate and then you are back to square one. So when the Swedish government say that they eventually must support other EU-IDs, they are simply lying. Their systems are not designed for this because that would require a "mapping" layer. But X.509 is very ill-suited for mapping but that is a story much too long for this list. In Sweden there are thousands of different public entities. WHO should be the issuer? >The long running chasm (thousands of years old) between bankers and central >govts hasn't disappeared. I'm not up to date on this one. >That's why govts and bankers each want to issue certificates once a smart card is >used. Ok. >They will not accept self-issued >certificates because they want to be able to revoke them by destroying the >token that the individual holds (black listing (revoking) is only the first >stage), Absolutely. >and they think they have to be the issuer (and control the TTP so >that it becomes no longer a third party) in order to be able to destroy. The cost for being an issuer is very high. This makes TTPs a good solution. >However, here in the UK the banking system worked extremely well for a long >time without needing TTPs (although I do remember being given my first bank >account because my father took me along to the bank where he banked) - until >it was decided that banks had to be policemen, and so we have a situation >where we fool ourselves into thinking that using a utility bill as 'proof of >activity in society' is good enough to be registered with a so-called TTP (that might be controlled by either commerce or govt). This situation is different in every country but I believe the following should be valid: government and banks have possession to the same means to identify people with. Also, I believe that you may bind a key to a "body" using DNA giving new possibilities to establish a "relative binding" instead of an "absolute binding" (true name, origin, data-of-birth etc). >Gore Vidal quoting someone who quoted an ancient thinker wrote that >societies go through a cycle of 4 states: chaos, theocracy, autocracy, >democracy and back to chaos. He believes that western democracy is heading >into chaos (even as some try to take it back into autocracy). (Hope I got >the sequence right.) The chaos is not due to TTPs but due to the lack of knowledge of people which makes identification troublesome. Therefore I propose that TTPs should go for relative (or body) binding because this will long-term increase quality without much work. The important thing is not that the identity is "right" but that it is not stolen from somebody else. Anders _______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.musclecard.com/mailman/listinfo/muscle _______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.musclecard.com/mailman/listinfo/muscle
