PGP Identity Management:
Secure Authentication and Authorization over the Internet
By Vinnie Moscaritolo,
PGP Cryptographic Engineer
3 September 2004
Abstract
Access to computer services has conventionally been managed by
On Thu, 8 Jul 2004, Anton Stiglic wrote:
>The problem is not really authentication theft, it's identity theft, or if
>you want to put it even more precisely, it's "identity theft and
>authenticating as the individual to whom the identity belongs to". But the
>latter doesn't make for a good buz-wo
Aram Perez wrote:
Hi Ed and others,
Like usual, you present some very interesting ideas and thoughts. The
problem is that while we techies can discuss the "identity theft" definition
until we are blue in the face, the general public doesn't understand all the
fine subtleties. Witness the (quite am
Hi Ed and others,
Like usual, you present some very interesting ideas and thoughts. The
problem is that while we techies can discuss the "identity theft" definition
until we are blue in the face, the general public doesn't understand all the
fine subtleties. Witness the (quite amusing) TV ads by C
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Ed Gerck
Sent: 7 juillet 2004 14:46
To: [EMAIL PROTECTED]
Subject: identification + Re: authentication and authorization
>I believe that a significant part of the problems discussed here is that
>the
>However, in some scenarios
>http://www.garlic.com/~lynn/2001h.html#61
>the common use of static data is so pervasive that an individual's
>information
>is found at thousands of institutions. The value of the information to the
>criminal is that the same information can be used to perpetrate fraud
d first is
a non-circular definition for identity. And, of course, we need a
definition that can be applied on the Internet. Another important
goal is to permit a safe automatic processing of identification,
authentication and authorization [1].
Let me share with you my conclusion on this, in revis
At 07:23 AM 7/5/2004, Anton Stiglic wrote:
Identity has many meanings. In a typical dictionary you will find several
definitions for the word identity. When we are talking about information
systems, we usually talk about a digital identity, which has other meanings
as well. If you are in the fie
At 09:20 AM 7/6/2004, Anton Stiglic wrote:
Well, there is no established technical definition for "digital identity",
but most definitions seem to focus to what I defined it as.
there is actually a whole series of issues.
the identity x.509 certificates from early 90s were targeted at stuff that
a
>-Original Message-
>From: John Denker [mailto:[EMAIL PROTECTED]
>Sent: 5 juillet 2004 18:28
>To: Anton Stiglic
>Cc: [EMAIL PROTECTED]; 'Ian Grigg'
>Subject: Re: authentication and authorization
>[...]
>We should assume that the participants on
John Denker wrote:
[identity theft v. phishing?]
That's true but unhelpful. In a typical dictionary you will
find that words such as
Identity theft is a fairly well established
definition / crime. Last I heard it was the
number one complaint at the US FTC.
Leaving that aside, the reason that phis
I wrote:
1) For starters, "identity theft" is a misnomer. My identity is my
identity, and cannot be stolen. The current epidemic involves
something else, namely theft of an authenticator ... or, rather,
breakage of a lame attempt at an authentication and/or
authorization scheme. See definiti
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of John Denker
Sent: 1 juillet 2004 14:27
To: [EMAIL PROTECTED]
Cc: Ian Grigg
Subject: Re: authentication and authorization (was: Question on the state of
the security industry)
>1) For starters, "
At 12:26 PM 7/1/2004, John Denker wrote:
>The object of phishing is to perpetrate so-called "identity
>theft", so I must begin by objecting to that concept on two
>different grounds.
Subsequent posters have doubted the wisdom of quibbling with the term "identity
theft". I think the terminology
one of the industry groups brought my wife and me in to help work on the
cal. and then the federal e-sign legislation. there is this intersection
between privacy, e-sign, and fraud. in any case, one of the things that
they had done was a study of the driving factors for legislative and
regulato
Hi John,
thanks for your reply!
John Denker wrote:
The object of phishing is to perpetrate so-called "identity
theft", so I must begin by objecting to that concept on two
different grounds.
1) For starters, "identity theft" is a misnomer. My identity
is my identity, and cannot be stolen.
I think I
At 12:26 PM 7/1/2004, John Denker wrote:
The object of phishing is to perpetrate so-called "identity
theft", so I must begin by objecting to that concept on two
different grounds.
there are two sides of this some amount of crime statistics call it
ID-theft which plausibly could be either
Ian Grigg wrote:
The phishing thing has now reached the mainstream,
epidemic proportions that were feared and predicted
in this list over the last year or two.
OK.
> For the first
time we are facing a real, difficult security
problem. And the security experts have shot
their wad.
The object
18 matches