identification + Re: authentication and authorization
Ed Gerck
egerck at nma.com
Fri Jul 9 17:56:20 EDT 2004
Aram Perez wrote:
> Hi Ed and others,
>
> Like usual, you present some very interesting ideas and thoughts. The
> problem is that while we techies can discuss the "identity theft" definition
> until we are blue in the face, the general public doesn't understand all the
> fine subtleties. Witness the (quite amusing) TV ads by CitiBank.
Thanks. That's why my suggestion is that techies should solve the real
problem (authentication theft) that is allowing identity theft to create
damage to the general public. What's the use of stolen identity data if
that data cannot be used to impersonate the victim? At most, it would be
a breach of privacy... but not a breach of access and data protected by
the access. Furthermore, if identity data is not used as authenticators,
they would not be so much available (and valuable!) to be stolen in the
first place.
BTW, the confusion between identification and authentication begins in
our circle. Just check, for example, The Handbook of Cryptography by
Menezes et. al.:
"10.2 Remark (identification terminology) The terms identification
and entity authentication are used synonymously throughout this book."
Cheers,
Ed Gerck
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list