News.com: IBM donates new privacy tool to open-source Higgins

Anne & Lynn Wheeler lynn at garlic.com
Mon Feb 5 13:41:28 EST 2007


Anne & Lynn Wheeler wrote:
> http://news.com.com/IBM+donates+new+privacy+tool+to+open-source/2100-1029_3-6153625.html 

from above:

The encrypted credentials would be for one-time use only. The next purchase or other transaction will require a new credential. The process is similar to the one-time-use credit card numbers that Citigroup card holders can already generate on the bank's Web site.

... snip ...

past post:
http://www.garlic.com/~lynn/aadsm26.htm#24 News.com: IBM donates new privacy tool to open-source Higgins

... so if you had to go to the credential issuing website every time you needed a one-time use credential (one-time use is a countermeasure to replay attacks involving static data credentials) ... what mechanism are you using to authenticate yourself to the credential issuing website?

if the mechanism for authentication to the credential issuing website is of reasonably strong security ... then why don't you use that mechanism directly in the regular transaction ... rather than having to have an intermediary credential involved?

this is somewhat the argument used about digital certificates being redundant and superfluous in an online environment ... whatever was used to acquire the (x.509 identity) digital certificate ... especially a relying-party-only digital certificate
http://www.garlic.com/~lynn/subpubkey.html#rpo

to avoid repeatedly spraying personal information all over the world ... just use that interaction directly ... and avoid the superfluous and redundant digital certificate.

this is the certificateless public key infrastructure operation
http://www.garlic.com/~lynn/subpubkey.html#certless

in the x9.59 financial standard transaction
http://www.garlic.com/~lynn/x959.html#x959
http://www.garlic.com/~lynn/subpubkey.html#x959

or in the similar FAST transaction (for matters other than financial transaction authorization) done by FSTC in the 90s
http://www.fstc.org/

one might claim that this new mechanism is another approach to addressing the enormous privacy exposure represented by the x.509 identity digital certificates from the early 90s ... but my oft-repeated claim is that the whole credentialing and certificate paradigm is left over from the offline era. in the online era ... if the relying party either 1) has their own online information and/or 2) has online, realtime access to the responsible authoritative agency or institution ... then credentials and certificates purely represent relics predating online infrastructures.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
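The certificateless model the post contrasts with the one-time credential scheme can be shown in a few dozen lines. The following is an added illustration, not code from the post, from Higgins or from the x9.59 standard: the relying party keeps its own registered public keys (the "online information" of point 1), the account holder signs the transaction itself, and a per-account monotonic counter makes every signed message single-use, so replay is defeated without any intermediary credential being fetched per transaction. Ed25519, the field layout of the transaction and the counter-based replay check are all assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Transaction is the data the relying party actually acts on. The account
// holder signs it directly; no certificate or intermediary credential travels
// with it. (Field layout is a constructed illustration, not a standard format.)
type Transaction struct {
	Account string
	Payee   string
	Amount  uint64
	Counter uint64 // strictly increasing per account: the replay countermeasure
}

func appendU64(buf []byte, v uint64) []byte {
	var b [8]byte
	binary.BigEndian.PutUint64(b[:], v)
	return append(buf, b[:]...)
}

// encode produces an unambiguous, length-prefixed byte string for signing so
// that no two distinct transactions share the same signed bytes.
func (t Transaction) encode() []byte {
	var buf []byte
	for _, s := range []string{t.Account, t.Payee} {
		buf = appendU64(buf, uint64(len(s)))
		buf = append(buf, s...)
	}
	buf = appendU64(buf, t.Amount)
	buf = appendU64(buf, t.Counter)
	return buf
}

// Sign signs the transaction with the account holder's private key.
func Sign(priv ed25519.PrivateKey, t Transaction) []byte {
	return ed25519.Sign(priv, t.encode())
}

// RelyingParty holds its own registered public keys and the last counter it
// accepted for each account; that is all it needs to verify, no CA involved.
type RelyingParty struct {
	keys        map[string]ed25519.PublicKey
	lastCounter map[string]uint64
}

func NewRelyingParty() *RelyingParty {
	return &RelyingParty{keys: map[string]ed25519.PublicKey{}, lastCounter: map[string]uint64{}}
}

// Register records a public key against an account at enrollment time.
func (rp *RelyingParty) Register(account string, pub ed25519.PublicKey) {
	rp.keys[account] = pub
}

var (
	ErrUnknownAccount = errors.New("no public key registered for account")
	ErrBadSignature   = errors.New("signature does not verify")
	ErrReplay         = errors.New("counter not greater than last accepted value")
)

// Accept verifies a signed transaction against the registered key and rejects
// replays by requiring a strictly increasing counter. The counter only advances
// on success, so a forged or tampered message cannot burn a counter value.
func (rp *RelyingParty) Accept(t Transaction, sig []byte) error {
	pub, ok := rp.keys[t.Account]
	if !ok {
		return ErrUnknownAccount
	}
	if !ed25519.Verify(pub, t.encode(), sig) {
		return ErrBadSignature
	}
	if t.Counter <= rp.lastCounter[t.Account] {
		return ErrReplay
	}
	rp.lastCounter[t.Account] = t.Counter
	return nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	rp := NewRelyingParty()
	rp.Register("acct-123", pub) // constructed sample account

	tx := Transaction{Account: "acct-123", Payee: "merchant-9", Amount: 4200, Counter: 1}
	sig := Sign(priv, tx)
	fmt.Println("first use:", rp.Accept(tx, sig)) // accepted
	fmt.Println("replay:   ", rp.Accept(tx, sig)) // rejected: counter reused
	tx.Amount = 99999                             // tamper after signing
	fmt.Println("tampered: ", rp.Accept(tx, sig)) // rejected: signature fails
}
```

The point of the counter rather than a server-issued one-time credential is that the "freshness" comes from the signer and is checked against state the relying party already holds, which is exactly the situation in which the post argues a separately issued credential is redundant.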



More information about the cryptography mailing list