Anne & Lynn Wheeler wrote:
3-factor authentication paradigm obviously also doesn't cover whether
the authentication is direct face-to-face or that the relying party is
inferring authentication taking place by the existence of other kinds of
evidence. for instance, a relying party validating a digital signature
with a public key will infer that the other party is in possession of
the corresponding private key. the relying party may not have direct
i.e.
http://www.garlic.com/~lynn/aadsm19.htm#5 Do You Need a Digital ID?
one of the possible side-effects of applying 3-factor authentication
paradigm ... and observing that
1) the verification of a digital signature is just a method
of inferring the possession of a specific private key
2) the possession of a private key obviously (theoretically possible,
but i know of no instances of people memorizing private keys) isn't
"something you know" authentication and a private key isn't "something
you are" authentication ... leaving it to be "something you have"
authentication (aka in your possession)
3) private keys in their simplest form are just electronic bits that are
relatively easy to copy
then in order for a private key to be useful in a "something you have"
authentication, it follows fairly straightforwardly that significant
security procedures and countermeasures are required to prevent such
copying (in order to provide some level of assurance that the assumed
entity is consistently and uniquely in possession of the specific
private key).
---------------------------------------------------------------------
The Cryptography Mailing List
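
The inference described in the message above, as an added example that is not part of the original post: a relying party issues fresh challenges and verifies signatures, and its result is the same whether the signer is the original key holder or a party holding a copy of the same bits. The toy textbook RSA parameters and the names `KeyHolder`, `RelyingParty` and `demo` are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy textbook RSA (no padding, fixed Mersenne primes): illustration only.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # the private key: nothing but bits

def _digest(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

class KeyHolder:
    """Hypothetical name: anyone holding the private exponent."""
    def __init__(self, d: int):
        self.d = d

    def sign(self, challenge: bytes) -> int:
        return pow(_digest(challenge), self.d, N)

class RelyingParty:
    """Hypothetical name: sees only challenges and signatures."""
    def __init__(self):
        self.outstanding = set()

    def challenge(self) -> bytes:
        nonce = secrets.token_bytes(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, nonce: bytes, sig: int) -> bool:
        if nonce not in self.outstanding:
            return False  # unknown or already-answered challenge
        self.outstanding.discard(nonce)
        return pow(sig, E, N) == _digest(nonce)

def demo() -> dict:
    rp = RelyingParty()
    owner = KeyHolder(D)
    copy = KeyHolder(int(str(D)))  # same bits, held by a second party
    other = KeyHolder(D - 2)       # different key material
    c1, c2, c3 = rp.challenge(), rp.challenge(), rp.challenge()
    s1 = owner.sign(c1)
    return {
        "owner": rp.verify(c1, s1),
        "replayed": rp.verify(c1, s1),
        "copy": rp.verify(c2, copy.sign(c2)),
        "other": rp.verify(c3, other.sign(c3)),
    }
```

Fresh challenges stop a recorded signature from being replayed, but nothing in the exchange distinguishes the copy from the owner; that assurance has to come from how the key is stored and protected.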