1996-01-31 - Re: Authentication of crypto clients

Header Data

From: Nathaniel Borenstein <nsb@nsb.fv.com>
To: adam@lighthouse.homeport.org>
Message Hash: e2dfe3bbc3fcf646744a1b178641090b6abb733db21941b852d0d7507db6a707
Message ID: <Ql3XeauMc50eFIrAQG@nsb.fv.com>
Reply To: <199601300532.AAA05850@homeport.org>
UTC Datetime: 1996-01-31 05:02:31 UTC
Raw Date: Wed, 31 Jan 1996 13:02:31 +0800

Raw message

From: Nathaniel Borenstein <nsb@nsb.fv.com>
Date: Wed, 31 Jan 1996 13:02:31 +0800
To: adam@lighthouse.homeport.org>
Subject: Re: Authentication of crypto clients
In-Reply-To: <199601300532.AAA05850@homeport.org>
Message-ID: <Ql3XeauMc50eFIrAQG@nsb.fv.com>
MIME-Version: 1.0
Content-Type: text/plain


Excerpts from mail: 30-Jan-96 Re: Authentication of crypt.. Adam
Shostack@homeport.o (4311*)

> 	A crypto provider can't protect itself from requests to do
> things.  What it might be able to do is find out what program is in
> that memory space and tell the user "FV keyboard scanner would like to
> run IDEA on 128 bytes of data.  Allow?"

> 	There are flaws in this 'who's that knocking on my door?'
> approach....

Yeah, the flaws are pretty bad.  We tried this approach in "active mail"
systems back in the early-to-mid-1980's.  The user was asked to assess
his trust level for the email-received code that was trying to run.  The
problem we found was that even relatively sophisticated users were very
quick to be fooled into believing that the "From" address was
legitimate.  Similarly, I suspect that if I named my keyboard scanner
"Windows 95", most people would probably be fooled, and the fact that
your API asked the question would only make the user feel MORE secure
about saying "yes".....
--------
Nathaniel Borenstein <nsb@fv.com>
Chief Scientist, First Virtual Holdings
FAQ & PGP key: nsb+faq@nsb.fv.com
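
An added illustration, not part of the original message or thread, of the spoofed-name problem discussed above: a consent prompt built from the caller's self-declared name reads the same for any program that claims that name, while a prompt keyed to a digest of the caller's code does not. The function names, the `PINNED` registry and the sample byte strings are hypothetical and constructed for this example.

```python
import hashlib

# Constructed stand-ins for program images; a real provider would hash the
# caller's code as found on disk or in its memory space.
LEGIT_IMAGE = b"constructed bytes standing in for a known mail client"
IMPOSTOR_IMAGE = b"constructed bytes standing in for a keyboard scanner"

# Hypothetical registry pinned in advance by the user or an administrator.
PINNED = {hashlib.sha256(LEGIT_IMAGE).hexdigest(): "Known Mail Client"}


def naive_prompt(claimed_name, operation, nbytes):
    """Prompt text built only from what the caller says about itself."""
    return f"{claimed_name} would like to run {operation} on {nbytes} bytes of data. Allow?"


def pinned_prompt(image, claimed_name, operation, nbytes):
    """Label the caller from a digest of its code; the claimed name is
    shown only as an unverified claim. Returns (verified, prompt_text)."""
    digest = hashlib.sha256(image).hexdigest()
    request = f"would like to run {operation} on {nbytes} bytes of data. Allow?"
    known = PINNED.get(digest)
    if known is None:
        label = f"UNVERIFIED program sha256:{digest[:16]} (calls itself {claimed_name!r})"
        return False, f"{label} {request}"
    return True, f"{known} {request}"


def demo():
    """Compare both prompts for an impostor that borrows a trusted name."""
    spoofed = naive_prompt("Known Mail Client", "IDEA", 128)
    genuine = naive_prompt("Known Mail Client", "IDEA", 128)
    ok_legit, _ = pinned_prompt(LEGIT_IMAGE, "Known Mail Client", "IDEA", 128)
    ok_fake, text = pinned_prompt(IMPOSTOR_IMAGE, "Known Mail Client", "IDEA", 128)
    return spoofed == genuine, ok_legit, ok_fake, text


if __name__ == "__main__":
    print(demo())
```

Pinning only removes the spoofed label; any program the user is still asked about is subject to the same quick "yes" the message describes.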




