[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Man in the middle attacks



At 09:30 AM 3/14/96 -0500, [email protected] (Carl Ellison) wrote:
>Take, for example, my bank account.  I go to my bank today and open an
>account.  I give them my SSN and sign a form.  They give me an account
>number.
>Given digital signatures, I still go to them, give them my SSN and
>digitally sign a form.  They give me an account number.  They keep, in a
>database of their own [rather than some CA's database] my name, SSN, public
>key and whatever other identifying information they need to feel warm and
>fuzzy about tracking me down in case of fraud.  

The SSN isn't there for tracking you down in case of fraud.
It's there because the IRS insists they collect it on interest-bearing accounts
so they can tax you.  Your driver's license, if they ask for that,
is something they want to see for fraud prevention, because that's
harder to fake than an SSN.  And your SSN is a perfectly appropriate thing
to use with a key-centered approach: "This is my SSN, please use it for my
bank account",
signed key 123456789.
#--
#			Thanks;  Bill
# Bill Stewart, [email protected], +1-415-442-2215 pager 408-787-1281
# "At year's end, however, new government limits on Internet access threatened
# to halt the growth of Internet use.  [...] Government control of news media 
# generally continues to depend on self-censorship to regulate political and
# social content, but the authorities also consistently penalize those who
# exceed the permissable."  - US government statement on China...