On Mon, 6 Aug 2001, Owen Boyle wrote:
> It makes no sense (indeed, it is dangerous) to have an encrypted
> conversation with someone if you don't know their identity. And you
> cannot be sure of identity without authentication.
To briefly fuel the fire ... :-)
Authentication is IMHO far more important than encryption for the majority of
the world's problems people are trying to solve with crypto. Ironically, most of
the time people speak of "privacy" in hushed reverential tones, they are usually
just muddled up and should really be thinking of "authenticity". (And sometimes
it's another even weirder property they're really talking about; "anonymity").
Eg. credit cards. There's no reason why credit card numbers should be kept
secret - they're an ID, not a key (neither for encryption *or* authentication).
The problem is that they're used as keys; ie. if you know the credit card
number, that's enough[1] to be able to spend with it. It's obvious that this
should not be the case - that is, it should identify which account you are
trying to bill, *not* authenticate the right to bill it. Using the credit card
number in both roles is equivalent security-wise to forcing user accounts
to have passwords identical to usernames.
[1] Obviously you can dispute a credit-card bill when it arrives, but in
practical terms the threat in terms of a bad person benefitting from this scheme
remain, no matter who loses as a result. At best, you would still be massively
inconvenienced even if not financially screwed.
If, for example, there was a signature scheme in place - we could send a credit
card number, a billing description, a date, and other relevant info and "sign"
the whole shebang using our signature key/token/card/whatever. That signed data
could then be passed onto retailers you wouldn't trust as far you could kick
yourself using communication channels you similarly distrust, and they could do
little more (that would be useful anyway) with what you sent them than hand it
in to the bank as-is.
Instead, we simply hand over our credit card numbers every time we want to
charge something to our accounts ... and people think the problem, and thus the
solution, is privacy. :-(
Cheers,
Geoff
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
