[Cryptography] After Equifax pwning, what is the best means for replacing the SSN?

[Tom Mitchell]

On Wed, Sep 27, 2017 at 2:50 PM, John Levine <johnl at iecc.com> wrote:

> In article <903e4c2d1109f7df3eaf31489be3b614.squirrel at 10.6.6.5> you write:
> >> My preference is to say that any transaction validated with an SSN is
> >> presumed fraudulent and is voidable on request.
>
....

States could begin to include one or more "merchant" IDs on driver licenses
as well as the existing state issued IDs for those that do not drive.

Each time a license is reissued or renewed a new merchant ID set
would be issued as well as on demand by a citizen.

Law can specify that the merchant ID never be stored except for a hash
against or with the  Vendor's own ID.   So both the customer and Vendor ID
would be a pair, think of the Merchant and Customer bits as salt plus
password .
The bound hash if lost only has repercussions at exactly one merchant.

So law plus an alternative group of numbers that is under control of the
state but not a national ID.

The DL#  itself is to be used ONLY by the state DMV.
The SSN by federal law would not be used when a state issued number is
available.
Other law can limit correlation of Customer# against other keys.
Character counts long enough to include validation bits sure..

The goal is to minimize the impact of merchant data loss.
No merchant would have SSN or DL numbers to be lost.
The state itself would only retain a validation crypto hash for Customer
numbers.

So the center of ID power would  still be State and Federal agencies.
Passports...??


-- 
  T o m    M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20170927/24429373/attachment.html>