<div dir="ltr"><div class="gmail_default" style="font-family:garamond,serif"><br></div><div class="gmail_extra"><br><div class="gmail_quote">2015-02-19 17:18 GMT+01:00 ianG <span dir="ltr"><<a href="mailto:iang@iang.org" target="_blank">iang@iang.org</a>></span>:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span class="">On 18/02/2015 17:21 pm, Kent Borg wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
The human is part of the security system.<br>
</blockquote>
<br></span>
Odd thing to say ;) Security means nothing outside the context of a human.<br>
<br>
<br>
<br>
As a meta-comment on passwords: there is a big shift underway now to start doing dual factor using the person's phone. It is now clear that everyone has a phone, to some statistical certainty, and we can rely on it. So every system and his dog has now migrated to using something to couple the phone and the password together.<br>
<br>
(In the meantime, while this Phone+password hybrid rolls out, others have gone further. ApplePay, bitcoin light clients, my stuff, are putting the whole thing on the phone. So, actually we are exposing the phone to single points of failure/attack modes. But this direction is still so novel and so far rare that there is no economic case for attack and won't be for a few years...)<br>
<br>
Which is to say, micro-re-designs of how passwords work and can be improved might be missing a macro-trend that is going on.</blockquote><div><br></div><div><div class="gmail_default" style="font-family:garamond,serif">Interesting. An other possible way to look at mobile phones could be as a large keyring with (pseudo) anonymous keys. So rather than using the phone as single token for proving identity, it could be a granular tool for proving our 'specific' authority. If all the authority can be revoked all at once by a caretaker we control from our home, we could simple revoke all of our phone's authority if ever we lost it or it got stolen. </div><div class="gmail_default" style="font-family:garamond,serif"><br></div><div class="gmail_default" style="font-family:garamond,serif">Passwords are both (poor) tokens of authority and (poor) tokens for proving identity. Two factor authentication makes for better tokens for proving identity, but kills the (useful) tokens of authority property that allows us to share a password in order to delegate authority. If we can manage to minimize the need for tokens for proving identity and use tokens for proving authority (capabilities) instead, than mobile phones could be an interesting carriage for such tokens if we manage to get access control on these devices sufficiently locked down to allow individual apps to keep these authority tokens secret from each-other.</div><div class="gmail_default" style="font-family:garamond,serif"><br></div><div class="gmail_default" style="font-family:garamond,serif">A mobile phone as secure capability wallet. Would be an interesting project to work on ;-)</div><br></div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><span class=""><font color="#888888"><br>
<br>
iang</font></span><div class=""><div class="h5"><br>
<br>
______________________________<u></u>_________________<br>
The cryptography mailing list<br>
<a href="mailto:cryptography@metzdowd.com" target="_blank">cryptography@metzdowd.com</a><br>
<a href="http://www.metzdowd.com/mailman/listinfo/cryptography" target="_blank">http://www.metzdowd.com/<u></u>mailman/listinfo/cryptography</a><br>
</div></div></blockquote></div><br></div></div>