Other Directory Sites: SeekWonder | Directory Owners Forum
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:28
Anonymous (nobody@replay.com)
Sat, 27 Feb 1999 23:21:11 +0100
Michael Froomkin writes:
> Suppose we move to a system of Domain Name registrations in which people
> can be anonymous, or pseudonymous, but at the same time wish to have some
> way of identifying the people engaged in large-scale domain name
> speculation. Are these ends compatible? In a world without distinguished
> names, is there a way to design a system that has these properties (#3 is
> the hard one):
>
> 1) every registrant can be anonymous or pseudonymous but must provide
> contact details that could be accessed in the event of a subpoena. They
> would not show up on whois to the whole world. (data is entered into a
> computerized form with no human verification) The best version has the
> data put in some form whichthe registrant can decrypt when the subpoena
> comes or else lose the domain name.
One way to approach this is to have an organization which will verify
contact information. A potential domain name registrant supplies his
contact information in the form of name, address, phone number, or other
identifcation. This information is verified by the usual means.
Then the contact-verifying organization supplies a BLIND signature on
the contact information. We can call this blind signature a
"certified contact token".
This signature is such that it is verifiable by any third party as
being issued by the contact-verifying organization, but it is blinded
so that there is no hint about what data was signed. There are
various cryptographic methods (simplest being cut and choose) to
ensure that the proper data has been signed, without the resulting
signature revealing what the data is.
We would also want there to be an associated public key for which only
the possessor of the contact information would have the secret. In
this way he can show that he is the owner of the certified contact
token.
When someone registers a domain name, they provide their certified
contact token, and they prove that they are the owner. The contact
token is stored in the domain name database.
If they are later compelled to reveal their contact information, a
third party can verify that this information is in fact the same data
which was signed by the blind signature in the certified contact token.
> 2) registrants who provide false contact details can be detected upon a
> challenge by a third party, but the third party does not get to know
> accurate contact details.
Third parties can verify that names are registered with valid certified
contact tokens.
There are a couple of possible frauds here.
One is for someone to get more than one certified contact token. This
could be done simply by having two addresses or two phone numbers. We
can't do much about this, and it is possible in any system. We could
begin to address it by requiring more information in the contact
verification process.
Another fraud is to buy someone else's certified contact token and use
that for some of the registrations. This could be addressed in part
by making it expensive to purchase these tokens (and then relatively
cheap to register domain names). Ultimately, though, Alice buying and
using Bob's certified contact token is essentially equivalent to Alice
paying Bob to register names on behalf of Alice. We can't stop people
from cooperating with each other.
> 3) it is possible for a third party who wishes to challenge the
> registration of Domain DN1 to find out how many other domains have been
> registered by the owner of DN1, and what they are, without necessarily
> finding out the identity of the registrant.
In this system, all registrations by a single person would use the same
certified contact token. This would allow all third parties to see when
multiple names are being registered by the same person.
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:28