From: m5@vail.tivoli.com (Mike McNally)
Date: Wed, 20 Oct 93 06:17:42 PDT
To: owen@autodesk.com (D. Owen Rowley)
Subject: Re: your mail Re: on anonymity, identity, reputation, and spoofing
In-Reply-To: <9310192205.AA00919@lux.YP.acad>
Message-ID: <9310201314.AA03597@vail.tivoli.com>
MIME-Version: 1.0
Content-Type: text/plain



D. Owen Rowley writes:
 > The comercial use of internet is growing at a very fast rate...

Agreed.

 > wide scale networks provide capabilitys which are very attractive to
 > a variety of business enterprises.

Clearly; *right now* businesses are spending real money on it.

 > I suspect that a first pass will be made to try and use internet and the 
 > current suite of protocols and services as they are now.

Uhhh, it's already happening.

 > I also suspect that such attempts will flush out a whole raft of problems and
 > deficiencies along with  those who exploit such things.
 > Hopefully new protocols and services can be developed which will minimise 
 > vulnerability and maximise protection for bussiness assets while allowing
 > us as much freedom as possible.

Why does this preclude continuation of net services as they exist
today?  You seem to feel that there can only be one mode of use for
network resources.  If businesses want to use the net only under the
aegis of some authentication/credentialing scheme, fine!  That means I
may or may not choose too participate, or that I may choose to
participate as "myself" while still maintaining other digital
alter-egos for other purposes.

 > Nobody really knows what those things will be, and it is sorta problematic to 
 > make public laundrey lists of vulnerabilitys without some sort of idea
 > how to deal with cleaning up the mess. We are going to have to learn by 
 > example.

Why are you so stuck on the idea of "cleaning up a mess"?  The network
is a resource.  It can be used concurrently in lots of different ways.
You're free to start up your own set of authenticated services this
afternoon if you like.

 > My main point though is that eventually business will find decentralised
 > anarchic networks to be hostile territory, and will move on to less
 > vulnerable, more reliable networks where user authentication, and 
 > accountable security are provided.

Really?  So the presence of paying customers on the anarchic networks
won't be attractive?  We've had experience with lots of nasty problems
on the Internet already, and yet companies are all the time paying for
things like T1 channels for better service.

Of course, businesses are free as they've always been to implement
whatever communications systems they want.  This is old news.

 > It may be that there will be barriers between the anarchic networks and
 > the business-place networks,that require users to provide proof of identity
 > before they can pass.

Ok, fine.  So I pass if I want to and not if I don't.  What's the
point?  What does this have to do with being able to interact on other
net forums under different rules?

 > seriously.. note that you asked "because of the medium itself".
 > It's multiMedia, thats jargon for multiple mediums interacting with each
 > other, and presenting data interactively on multiple fronts.

Yes, I'm vaguely familiar with the concept :-)

 > It means an unfolding from two dimensional thinking ( text) to three
 > dimensional thinking ( virtual reality ).

I think you're selling text short, but that's another discussion.

 > perhaps you are unaware of some of the more starling things that are being 
 > done with biofeedback interfaces.

I'm aware of plenty of hype and pipe-dreams, but little reality.
Sure, it'd be neat though.  What does it have to do with
authentication and accountability?

 > lets take something mundane and achievable like hand gestures sensed by
 > the data-glove... [data glove communication deleted]

That'd be nice, I guess, but what's the point?  Are you suggesting
that someone tapping the communication line wouldn't be able to (1)
figure out what you were "saying" and (2) spoof the system?  (If
neither, then what does this technology have to do with
authentication?) 

 > BTW, that scenario was suggested to me by an individual of my 
 > aquaintance who lives on the other side of the --uh-- tracks.
 > he was very keen to be able to have such privileged communication,
 > and cost is no factor to him, he pays in cash.

Have you sent him PGP?  Seems a heck of a lot better and a heck of a
lot easier to implement.

 > Don't be surprised...

I'm losing track of what this has to do with "need" for
accountability.

--
Mike McNally