Re: The home user problem returns

[Chris Blask <chris () blask org>]

At 10:47 AM 9/13/2005, Paul D. Robertson wrote:
> On Mon, 12 Sep 2005, Chris Blask wrote:

Hey Paul!

> > The problem is that, without any sort of identity (and there is
> > exactly 0.0000% of net traffic using anything worth calling
> > identity), it is impossible to treat Identified traffic and Anonymous
> > traffic differently, as they logically deserve.
>
> Two words:  Identity Fraud.

?! (I'll never see that again without thinking of Scooby Doo - 
thanks, P Melson! ;~)

Not sure where you were going with that, but my point is that I (as a 
network owner) can choose to treat Identified traffic with one (or 
more) level of trust and Un-Identified traffic with another 
(logically much lower) level of trust.

I have to correct my "0.0000%" comment, as well.  There is actually 
quite a lot of practical Identity being used on the net, *we* just 
have not provided much of it.  Anyone who buys and sells on eBay or 
orders something online is using Identity to a level that is 
acceptable to the other party.  As long as the level of fraud in 
these transactions is similar-to or lower-than the level of fraud in 
non-net transactions, then the methods they are using are correct.

> > Decentralized, distributed responsibility.  If I own an auth server
> > then I am responsible for the activities of those who use it.  If I
>
> You're willing to be responsible for your user's behavior?  After they're
> Trojaned?

Sorry, incorrectly stated: I'm willing to be responsible for knowing 
who the real human is who has used my Identity service.

> Just like the encryption boundary problem that is the reason SSL is
> severely broken as a concept, the use of identity can't be done in a
> system that's not closed, and we don't have the methods, technologies or
> wherewithall to close the software, transport and physical endpoints
> everywhere.

We use identity in the physical world in a way that allows us to 
function, with all sorts of weaknesses in that identity process 
(sure, put a picture on my credit card, no-one will look at it;  my 
Mother's Maiden Name, are you serious!?!)).

IMHO, the reaons we have no success as an industry in providing 
Identity on the net is that we search for a "DNA-Sample" level of 
verification.  We don't do this in the real world but succeed in 
moving trillions of dollars in assets back and forth every day.  In 
my own Living With Chaos view of the world, complex problems are 
solved by dividing them into chunks until the pieces can be 
digested.  If there aren't huge chunks of this problem that can be 
digested easily (look at eBay), then the beer is on me...  :~)

-cheers!

-chris



I'm not good in groups. It's difficult to work in a group when you're 
omnipotent.

-Q, Star Trek

Chris Blask
chris () blask org
http://blaskworks.blogspot.com

+1 416 358 9885