Comment by giantg2

1 year ago

I don't see anything in that link explaining how one could verify age while remaining anonymous to all parties. How does one verify the age is correct and associated with the true person? It also seems the cert is for specific sites. So doesn't that mean the identity provider (trust anchor?) who verified the age now has a list of which sites you're using your certs on since you must define a receiver (recipient domain?)? Maybe you can explain the flow in an example?

>So doesn't that mean the identity provider (trust anchor?) who verified the age now has a list of which sites you're using your certs on since you must define a receiver (recipient domain?)? Maybe you can explain the flow in an example?

When a trust anchor does verification and issues you the certificate, you get a PEM file; their connection to the process is done. Yes, they know who you are, but they can't track what you do with the certificate after they issue it to you.

On the other hand, if you were to use that certificate to commit a crime, the signature will provide access to the trust chain, thus law enforcement could use it to find you by reaching out to the issuer. This is a feature, not a bug; it combines privacy and accountability, no different from conventional non-digital world expectations.

The use of receiver id happens after you have the certificate; the issuer is not involved. The receiver id is for the benefit of the receivers of signatures from your certificate. It allows them to establish a sticky anonymous cryptographic identity for you without knowing who you are; this is a way again to have privacy while having accountability. This demo touches on the approach: https://www.youtube.com/watch?v=92gu4mxHmTY

Reach me via my profile if you're interested in knowing more.

  • Yeah, so the government can track you, and really anyone who gains access to the signature and trust chain can track you. The trust anchor also has to verify your identity to verify your age in order to issue the PEM file.

    So to answer my original question - no, you can't anonymously verify age. Someone has to verify your identity (a central authority in my comment, which in your system is a trust anchor) and your signature can be tracked back to you (as a feature).

    • I missed your concern about pure anonymity in the whole process, the answer is NO.

      You can't have such a system that is totally anonymous; it is private but not anonymous. This means it is largely anonymous, but for instance law enforcement might be able to track you down... I happen to think this is a good balance, though I am sure not everyone agrees.
