Rubber hose attack
JohnE37179 at aol.com
JohnE37179 at aol.com
Thu Nov 1 12:22:26 EST 2001
In a message dated 11/1/01 11:09:21 AM, vertigo at panix.com writes:
<< It appears that a lot
of work has to be done and a lot of money spent before even a small amount of
trust in an individual's proof of identity (on a world- or Internet-wide
scale) can be established.
>>
Not really. The problem that we fact today is that the identity information
cat is out of the bag. Anyone can accurately assume anyone else's identity.
The use of best match logic, out of wallet information, etc., all work if
everyone is willing to follow the rules. However, the fact that identity
fraud is growing at near 100% rates in the face of these approaches belies
the efficacy of those strategies. All any of the authentication technologies
can do is confirm that this is probably the same user it was last time.
Authentication technologies are agnostic as to any particular identity. All
assume the underlying principle that one identity equals one person. This
assumption is not only not true, it is dangerous. We are all aware of insta
nces in which one person was using many identities and we are equally aware
of instances in which many individuals are using one identity. In both of
these instances authentication fails, unless the correct single identity is
associated with the authentication methodology at the outset.
There is no barrier from me attaching my finger image to Bill Gates' identity.
John Ellingson
CEO
Edentification, Inc.
608.833.6261
||||#
||||||
||||||
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list