Rubber hose attack
Rick Smith at Secure Computing
rick_smith at securecomputing.com
Fri Nov 2 11:35:12 EST 2001
At 11:08 AM 11/1/2001, vertigo wrote:
> It appears that a lot
>of work has to be done and a lot of money spent before even a small amount of
>trust in an individual's proof of identity (on a world- or Internet-wide
>scale) can be established.
Hmmm. I'm able to walk into a bank in semi-rural Italy and pull hundreds of
dollars out of my credit card account. I'm able to buy subscriptions to
Russian news sites. This seems pretty world-wide and Internet-wide to me.
Existing systems work pretty well even if they don't achieve some cosmic
notion of "Trust" or "Identity."
Of course, the process isn't 100% foolproof, and I'd be less likely to take
advantage of it if fraud recovery fell more heavily on me as a consumer.
Even so, there are generally enough valid transactions to cover the costs
of the invalid ones to Web site proprietors and remote bank branches. Even
if computer based mechanisms have shortcomings, the overall system is
pretty robust.
If Microsoft's system is too brittle, then they'll pay for it through fraud
expenses. If people find it unreliable or untrustworthy, they'll use other
mechanisms for buying things. While I would feel compassion for consumers
who are hurt or inconvenienced by some huge scam that exploited a poor
Microsoft security implementation, such a scenario would be entertaining to
watch.
Regardless of .Net's expected convenience, most people will probably still
patronize non-.Net vendors when they offer better prices, regardless of the
inconvenience. It's not that hard to re-enter billing information,
especially when compared to driving across town to the discount store
instead of using the higher-cost mini-mart down the street.
Rick.
smith at securecomputing.com roseville, minnesota
"Authentication" in bookstores http://www.visi.com/crypto/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list