All of the identification systems presented in the previous section share a common flaw: they allow people to create private relationships between themselves and a particular computer system, but they don’t allow these relationships to be framed within the context of a larger society. They are all private identification systems, not public ones.

For example, say that Jonathan Marshall enrolls with a nationwide online service and creates an email account. When he creates the account, he gets a username, jonathan, and a password, deus451. Whenever Jonathan wishes to pick up his email, he uses his password to prove his identity. He might even create a private key to prove his identity, and give his online service a copy of his public key.

Now imagine that Jonathan loses his password. He can always go back to the nationwide service and create a new username, jmarshall, and a new password, excom3.0. But how does Jonathan convince the people he has been exchanging email with that jonathanand jmarshall are actually the same person?

One way that Jonathan could try to prove his identity would be for him to email his telephone number to his friends, and ask them to call him. This might work for people who had heard Jonathan’s voice. Others, though, would have no way of knowing if Jonathan’s voice really belonged to Jonathan or belonged to an imposter. This technique also wouldn’t work if Jonathan was in the habit of posting in public forums: if there were thousands ...