[TrustBar] [Fwd: Re: Low assurance SSL CAs]

Ian G iang at iang.org
Tue Feb 15 13:29:47 EST 2005


Duane wrote:

> Ian G wrote:
>
>> In fact, each go to a great extent to decide on
>> their own ways of doing things, so much so that
>> often, due diligence from one place is worthless
>> in another place.
>
>
> My ID wasn't even checked (ever) by the Uni I attended... They accepted
> as valid the information I provided to them.


Well, is that quite true?  Normally to get into Uni
you have to show you passed some standardised tests,
and show school grades.  That's Id.  The fact that
someone else might have walked in and got your
degree in your name doesn't change that.  You
have your idea about what Id is but that's not
relevant, what's important is whether the Uni
approves ...

Consider someone steals your identity, goes and
gets a PhD in astrophysics, and then what?  Are
you ... unhappy about that?  Different standards
for different purposes.


>> Also, bear in mind that for examples 1, 4, the
>> relying party is the institution doing the checking,
>> whereas for CAs, the relying party is some other
>> user.  So one could look at DLs and passports,
>> but they are government run.
>
>
> In this case there is a common entity/database... the browser...
>
> In the case of my passport (less than 2 years ago) it wasn't done in
> person at the govt office (it's done via the post office), I gave them 
> a bunch of info on a form and had someone sign the back of my passport 
> photo stating it was a valid likeness to me... The guy at the post 
> office again never checked my ID to verify any information I was 
> submitting (obviously the photos could be quickly compared against me)...


Huh.  I thought they were supposed to take you
through a series of questions.  Well, OK.  So with
any given system there are weaknesses!  Let's
not get distracted:  passports are federally
controlled although certain aspects might be
outsourced.


> But yea anyway these systems are perfectly secure *grin* not to 
> mention the article in the papers a while back about screwing up 
> passports, some woman of anglo origin ended up with the photo of an 
> asian man on hers ;)


Right.  So the point is here:  if you require a
centralised system, then you end up with a
system that doesn't do what you thought it
would.

So the challenge is to find a system that is
not centralised.  This is a 'known problem'
in computer science, and it's not solved by
asking someone else to solve it ;)  You might
like to look at the following essay:

http://zooko.com/distnames.html

This is known as Zooko's Triangle.

iang

-- 
News and views on what matters in finance+crypto:
        http://financialcryptography.com/
