1995-12-13 - Re: Usability of Cryptography (was Re: More FUD from First Virtual)

Header Data

From: Nathaniel Borenstein <nsb@nsb.fv.com>
To: jamesd@echeque.com>
Message Hash: 447ad95c915bc0d25ec31d4581f1f50fffb7c6c897c91ede9d1d896d8440aa72
Message ID: <cknh5WaMc50e02iplN@nsb.fv.com>
Reply To: <199512130722.XAA11947@blob.best.net>
UTC Datetime: 1995-12-13 13:59:24 UTC
Raw Date: Wed, 13 Dec 1995 21:59:24 +0800

Raw message

From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Wed, 13 Dec 1995 21:59:24 +0800
To: jamesd@echeque.com>
Subject: Re: Usability of Cryptography (was Re: More FUD from First Virtual)
In-Reply-To: <199512130722.XAA11947@blob.best.net>
Message-ID: <cknh5WaMc50e02iplN@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail.limbo: 12-Dec-95 Re: Usability of Cryptograp.. "James
A. Donald"@echequ (1242*)

> If we stick to a lesser goal -- constancy of identity -- 
> this is not so hard.  In general it is impossible to prove that 
> Bryce is the "real" Bryce, but it is trivial to prove that 
> Bryce is the same Bryce who has a certain Web page, and the
> same Bryce who posted a certain article in archives.

Agreed completely, if you add:

"....unless the person claiming to be Bryce is someone who managed to
steal secret keys from that same Bryce."

Without this clause, it seems to me you're assuming that secret keys (or
other identity-verifying tokens) can't ever be stolen.  Insofar as you
use multiple things (cryptography, IP address, etc.) to identify
someone, you can make it harder to impersonate someone, but each of
these things is ultimately forge-able.  -- NB
--------
Nathaniel Borenstein <nsb@fv.com> (FAQ & PGP key: nsb+faq@nsb.fv.com)
Chief Scientist, First Virtual Holdings

VIRTUAL YELLOW RIBBON==> http://www.netresponse.com/zldf





Thread