[Cryptography] After Equifax pwning, what is the best means for replacing the SSN?
John Levine
johnl at iecc.com
Tue Sep 26 17:46:16 EDT 2017
In article <CAHVSqQcWYU=Ts4+PKyR77q8DRQ4+W1DzZ8dwHFWVRHaBNWaGKA at mail.gmail.com> you write:
>Maybe I'm misunderstanding, but isn't this fairly easy? Just invent a fine
>for companies that use SSN as an authentication mechanism. Or any
>identifier that is knowingly public, including having been made public by a
>security breach.
My preference is to say that any transaction validated with an SSN is
presumed fraudulent and is voidable on request. Fines are hard, they
require courts and such.
R's,
John
More information about the cryptography
mailing list