At 3/17/02 10:46 AM, Patrick wrote:
>Not really. It's simple to maintain a difficult to repudiate, anonymous
>identity with the use of public key encryption. Too bad NSI has consistently
>screwed up PGP-Guardian to the point that it's been unusable. There's no
>reason that OpenSRS couldn't implement something that works.
>
>Consider that you really need only to verify that the person making requests
>is the person that "owns" the domain.

There's already a system in place that is supposed to check that the
current user is the same person who originally signed up: the password.
The problems start when people lose their password and need to prove
their identity some other way. I'm sure everyone on this list has dealt
with people who forgot their password, AND have moved, AND changed e-mail
addresses and phone numbers, AND had their driver's license stolen so
they can't fax you a copy....

The problem would be at least as bad with public key encryption ("I
forgot my PGP password", "my disk died and I lost my private key", "the
person who set up our encryption thingie got fired a year ago and I don't
know anything about it", etc.). It's not really practical to tell a
customer that they've permanently lost their domain in these cases.

Due to human incompetence, you're always going to need a backup system
that allows a user to prove who they are even if they've lost their
out-of-band info (private key or password). Currently that process
consists of a human talking to everyone involved, then squinting at a
blurry fax and trying to decide whether it's a valid driver's license or
a forgery. This system is imperfect, hence all the talk of biometric
systems being the future of identity verification; the main advantage is
that it's (theoretically) harder to lose your retina or your fingerprint
than your password.

(However, as someone who has suffered retinal damage that changed the
pattern of the blood vessels in my eye, I have my concerns, and I knew a
guy in seventh grade who shot his eye out with a BB gun and got a glass
eye to replace it. And as far as fingerprints go, my wife's uncle chopped
off his finger with a band saw last year while cutting cheese. You're
always going to need a fallback plan.)

--
Robert L Mathews, Tiger Technologies
"The trouble with doing something right the first time is that nobody
appreciates how difficult it was."