solving the wrong problem

[Steven M. Bellovin]

In message <27062101.1123360215327.JavaMail.root at elwamui-lapwing.atl.sa.earthli
nk.net>, John Kelsey writes:

>
>On the other hand, think about the uses of this technology
>for paper bearer instruments.  Design travelers' checks that
>include a 2D barcode with a BLS signature, bound to the
>piece of paper, and you can print the damned thing on
>regular paper if the readers are cheap enough.  Similar
>things apply to stamps, tickets, etc.  

Tickets are an excellent use for this, because it binds the printing to 
a specific physical object.  The concert industry has had a problem 
with trying to use print-at-home tickets -- the fraudsters buy a single 
ticket, then print it multiple times and sell the resulting tickets to 
others.  One group is resorting to requiring ID at the door -- buyers 
will never have a physical ticket until after they're escorted inside, 
to eliminate the opportunity for such fraud.  (See
http://www.nytimes.com/2005/08/06/arts/music/06scal.html for more 
details.)

Yes, you could do everything via an online system based on identity 
documents.  Apart from the privacy implications, and the problem of 
coping with network failures just prior to the start of a concert or 
game, dealing with the multiple forms of ID people carry isn't easy; it 
requires a fair amount of preparation and infrastructure.  As I said, 
people may be moving in that direction, but the article itself called 
the scheme "laborious"; the band's manager called it "unbelievably 
cumbersome".

I don't disagree with Perry's basic statement -- that a lot of people 
try to solve the wrong problem.  Here, though, we have a tool.  It 
remainds to be determined if it's a hammer, screwdriver, or wrench, and 
hence what problems to apply it to.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com