[TrustBar] [Fwd: Re: Low assurance SSL CAs]

Duane duane at cacert.org
Wed Feb 16 00:04:24 EST 2005


Ian G wrote:

> In fact, each go to a great extent to decide on
> their own ways of doing things, so much so that
> often, due diligence from one place is worthless
> in another place.

My ID wasn't even checked (ever) by the Uni I attended... They accepted 
as valid the information I provided to them.

> Also, bear in mind that for examples 1, 4, the
> relying party is the institution doing the checking,
> whereas for CAs, the relying party is some other
> user.  So one could look at DLs and passports,
> but they are government run.

In this case there is a common entity/database... the browser...

In the case of my passport (less than 2 years ago) it wasn't done in 
person at the govt office (it's done via the post office), I gave them a 
bunch of info on a form and had someone sign the back of my passport 
photo stating it was a valid likeness to me... The guy at the post 
office again never checked my ID to verify any information I was 
submitting (obviously the photos could be quickly compared against me)...

Drivers licenses are always fun, birth certificate + someone declaring 
that they know me and think I'm fit to be on the road, and my birth 
certificate isn't exactly recently issued, so by the time someone is 40 
or 50 and had an easily faked birth certificate and stole someone's ID to 
forge the referring person you could literally exist without a trace... 
We don't have a government wide system like SSN's, we do have tax file 
numbers (TFN's) but these are only for employment/income/social 
security, banking and taxation... Although they did try to bring in the 
Australia card in 1980ish which would have done the same thing as SSN's, 
but was thrown out at a referendum... You have to apply for a TFN when 
you turn 14 so you can start to work legally etc, it isn't automatically 
issued at birth...

Banks solely have to rely on 3rd party information, and once you have a 
fake birth certificate and drivers license (you don't even have to 
supply TFN's to the bank, they just withhold 48% tax after a certain 
threshold), you can get a bank account and well on your way to accruing 
enough personal ID to get a passport to go with it...

But yea anyway these systems are perfectly secure *grin* not to mention 
the article in the papers a while back about screwing up passports, some 
woman of anglo origin ended up with the photo of an asian man on hers ;)

-- 

Best regards,
  Duane

http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk servers

"In the long run the pessimist may be proved right,
     but the optimist has a better time on the trip."

