[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Usability of Cryptography (was Re: More FUD from First Virtual)
Excerpts from mail.limbo: 12-Dec-95 Re: Usability of Cryptograp.. "James
A. Donald"@echequ (1242*)
> If we stick to a lesser goal -- constancy of identity --
> this is not so hard. In general it is impossible to prove that
> Bryce is the "real" Bryce, but it is trivial to prove that
> Bryce is the same Bryce who has a certain Web page, and the
> same Bryce who posted a certain article in archives.
Agreed completely, if you add:
"....unless the person claiming to be Bryce is someone who managed to
steal secret keys from that same Bryce."
Without this clause, it seems to me you're assuming that secret keys (or
other identity-verifying tokens) can't ever be stolen. Insofar as you
use multiple things (cryptography, IP address, etc.) to identify
someone, you can make it harder to impersonate someone, but each of
these things is ultimately forge-able. -- NB
--------
Nathaniel Borenstein <[email protected]> (FAQ & PGP key: [email protected])
Chief Scientist, First Virtual Holdings
VIRTUAL YELLOW RIBBON==> http://www.netresponse.com/zldf