From: Anders Rundgren (anders.rundgrentelia.com)
Date: Mon Jan 12 2004 - 06:39:44 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

----- Original Message -----
From: "Peter Tomlinson" <pwtiosis.co.uk>
To: <musclelists.musclecard.com>
Sent: Monday, January 12, 2004 09:34
Subject: Re: [Muscle] White Card

>First, in the study that I worked on, govts are not seen as TTPs except for
>each other - i.e. the idea is that you can (within the EC) take an ID card
>from country A and go and live and/or work in country B and be identifiable
>there with country A's ID card).

An interesting idea with one HUGE stumbling block: The identity itself.
In Sweden (who is ahead in this respect) we have a national ID. Such IDs
are useful but have a problem: National IDs only make sense in the context¨
of a national e-government. That is, a Norwegian "gastarbeiter" in Sweden
using his/hers Norwegian ID would not be recognized even if this person
has obtained a temporary (alien) national ID. Unless it is in the form of
a certificate and then you are back to square one. So when the Swedish
government say that they eventually must support other EU-IDs, they are
simply lying. Their systems are not designed for this because that would
require a "mapping" layer. But X.509 is very ill-suited for mapping but
that is a story much too long for this list.

In Sweden there are thousands of different public entities. WHO should
be the issuer?

>The long running chasm (thousands of years old) between bankers and central
>govts hasn't disappeared.

I'm not up to date on this one.

>That's why govts and bankers each want to issue certificates once a smart card is used.

Ok.

>They will not accept self-issued
>certificates because they want to be able to revoke them by destroying the
>token that the individual holds (black listing (revoking) is only the first
>stage),

Absolutely.

>and they think they have to be the issuer (and control the TTP so
>that it becomes no longer a third party) in order to be able to destroy.

The cost for being an issuer is very high. This makes TTPs a good solution.

>However, here in the UK the banking system worked extremely well for a long
>time without needing TTPs (although I do remember being given my first bank
>account because my father took me along to the bank where he banked) - until
>it was decided that banks had to be policemen, and so we have a situation
>where we fool ourselves into thinking that using a utility bill as 'proof of
>activity in society' is good enough to be registered with a so-called TTP
(that might be controlled by either commerce or govt).

This situation is different in every country but I believe the following
should be valid: government and banks have possession to the same means
to identify people with. Also, I believe that you may bind a key to a "body"
using DNA giving new possibilities to establish a "relative binding"
instead of an "absolute binding" (true name, origin, data-of-birth etc).

>Gore Vidal quoting someone who quoted an ancient thinker wrote that
>societies go through a cycle of 4 states: chaos, theocracy, autocracy,
>democracy and back to chaos. He believes that western democracy is heading
>into chaos (even as some try to take it back into autocracy). (Hope I got
>the sequence right.)

The chaos is not due to TTPs but due to the lack of knowledge of
people which makes identification troublesome. Therefore I propose
that TTPs should go for relative (or body) binding because this will
long-term increase quality without much work. The important thing
is not that the identity is "right" but that it is not stolen from somebody
else.

Anders

_______________________________________________
Muscle mailing list
Musclelists.musclecard.com
http://lists.musclecard.com/mailman/listinfo/muscle

_______________________________________________
Muscle mailing list
Musclelists.musclecard.com
http://lists.musclecard.com/mailman/listinfo/muscle

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]