> On Wed, 31 Oct 2001 [EMAIL PROTECTED] wrote: > In closed systems, yes. However, even in those environments there is a > substantial risk, because there really are no "trusted," or otherwise > authoritative third parties, short of a full blown background check. > Approximately 80% of all attacks are from those "trusted" insiders.
John, True, attacks are usually carried-out by known and/or trusted individuals. I suppose I was thinking more about key management on a theoretical level. The infamous "rubber hose attack" still exists. Once you really get down to the real-world level, things begin breaking down. Identity theft is trivial unless your proof of identity is always changing (e.g. SecureID), duplication of that proof is made reasonably difficult (algorithmically, physically, how- ever), and the proof itself is kept reasonably secure. It appears that a lot of work has to be done and a lot of money spent before even a small amount of trust in an individual's proof of identity (on a world- or Internet-wide scale) can be established. Nathan --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
