Subject: Policy-Discussion
List archive
- From: Ian Grigg <iang AT systemics.com>
- To: cacert-policy AT lists.cacert.org
- Subject: Re: [CAcert-Policy] What's the name for?
- Date: Fri, 22 Jul 2005 00:15:12 +0100
- List-archive: <http://lists.cacert.org/cgi-bin/mailman/private/cacert-policy>
- List-id: Policy-Discussion <cacert-policy.lists.cacert.org>

On Thursday 21 July 2005 02:40, Duane wrote:
> Ian Grigg wrote:
> > CACert is collecting a lot of information on people.
> > That information becomes a bit of a datamine when
> > there is enough of it. What system or policy is in
> > place to protect the information?
>
> Yet another policy that needs to be created, there are a lot of things
> that occur that need a policy written for them.

OK. Well, I'm surprised that wasn't part of the audit
process. Huh. Maybe I'm not surprised :)

> > There is a reason you are collecting all this information.
> > Why is that? What is the reason you have to have my
> > name and my dob on file?
>
> Data points to uniquely identify people as govt issued ID and other
> things aren't a good way to uniquely identify people, nor something
> desirable to keep on file either, so it's a case of damned if you do and
> damned if you don't...

There's a sort of unwritten law in PKI that PKs can
only be given to 'people' (which in this context means
natural people and legal people or companies). It
may be that what CACert is really saying is that:

  a. CACert provides certificate issuing for people.
  b. in order to do that, CACert must satisfy itself
     that all "members" are people.

Or it may be something else? But consider, if it is
just (b) then it would be plausible to do it in a different
fashion.

Or maybe CACert is taking the *pragmatic* approach
which is to say we have to identify people in a strong
fashion, because otherwise we'll never get anywhere
in the community of CAs, and that is critical to our
acceptance in the future?

Either way, whatever the reason, without understanding
it, it won't be possible to create policy in a cohesive
fashion.

> But for other people to verify IDs there needs some unique key fields to
> enable them to do this.

Then there are a bunch of questions:

  1. what is the best way to 'identify' people?
  2. who can get access to this information?
  3. what can we do to protect it?
  4. in what forms does the info exist and what are
     the regimes for each piece of info?
  5. do we key everything on some external
     datum or on our own internal number?

So let's say I'm an attacker and I want to get the scoop on
someone. How would I do that? Become an assessor and
just access the database? Bribe an insider to reveal it to
me?

iang

--
Advances in Financial Cryptography, Issue 2:
https://www.financialcryptography.com/mt/archives/000498.html
Mark Stiegler, An Introduction to Petname Systems
Nick Szabo, Scarce Objects
Ian Grigg, Triple Entry Accounting