Firewall Wizards mailing list archives
Re: The home user problem returns
From: Chris Blask <chris () blask org>
Date: Tue, 13 Sep 2005 21:39:56 -0400
At 05:37 PM 9/13/2005, Paul D. Robertson wrote:
On Tue, 13 Sep 2005, Chris Blask wrote: > Hey <again> Paul! My point is that identification is *hard*- it's a boundary problem, and we don't have a solid boundary. That means that abuse is easy- an attacker will just come through as someone else, so everyone will be "identified," they just won't necessarily match their identification.
Parts of Identity need not be so hard to manage. I have not heard of eBay having a huge problem with people stealing other users' Identity, for example.
"Something you have, something you know." The "have" is the computer, which you are correct to say can be compromised. The "know" need not be so easily compromised.
> Sorry, incorrectly stated: I'm willing to be responsible for knowing > who the real human is who has used my Identity service. But you don't- you know who's credentials were used, and that's it. That's pretty far from knowing who the user is.
If someone stores their "know" on the "have" (their computer) then they have left their keys in the car. Insurance companies already know how to deal with that - "sorry about the stolen car but it's your fault therefore you are legally responsible for the loss. Have a Nice Day."
To follow the analogy, we are the auto industry and we have yet to tell people how to keep their keys and cars separate (or make it reasonably possible to do), so it's hard to blame people when their car is used in a drive-by...
.d.
No, I'm not advocating doing nothing if it's not perfect, I'm saying that the proposal is lost because it has flaws that will surface more quickly than they can be fixed. Trojans have rendered that not workable until we tone down the Trojan problem, which is why this thread is important.
No doubt there are intertwined problems, here: not only are the cars and keys kept together, but we've provided houses with no locks so Folks can't even put their keys in the kitchen and be safe... Time and experience (and sh*tloads of sweat) will let us fix the things we need to fix so we can fix the things we want to fix...
I'm locked in Lifelong Reno Hell at home, for example: I put a floor in one building this year but I needed to level it first, which in turn required replacing supporting beams, which you can't get to without ripping off a porch, in the process of which you drop a backhoe in the septic. :). But there's a new floor there now, wheelchair access where the porch was and I needed to replace that bloody septic, anyway...
But if you take too long thinking about it the building just collapses.... .d.
> If there aren't huge chunks of this problem that can be > digested easily (look at eBay), then the beer is on me... :~) > The beer's on you anyway! Paul "I can identify a beer donor a mile away" Robertson
Didn't that "Sucker" tattoo on my forehead wear off by now...? -chris "walked into another one" blask Make things as simple as possible but no simpler. - Albert Einstein Chris Blask chris () blask org http://blaskworks.blogspot.com +1 416 358 9885
Current thread:
- Re: The home user problem returns, (continued)
- Re: The home user problem returns Marcus J. Ranum (Sep 13)
- Re: The home user problem returns Chris Blask (Sep 13)
- Re: The home user problem returns Mason Schmitt (Sep 13)
- Re: The home user problem returns Jim Seymour (Sep 13)
- Re: The home user problem returns George Capehart (Sep 14)
- Re: The home user problem returns Dale W. Carder (Sep 13)
- Re: The home user problem returns Mason Schmitt (Sep 13)
- Re: The home user problem returns Paul D. Robertson (Sep 13)
- Re: The home user problem returns Chris Blask (Sep 13)
- Re: The home user problem returns Paul D. Robertson (Sep 13)
- Re: The home user problem returns Chris Blask (Sep 14)
- RE: The home user problem returns Paul Melson (Sep 13)
- RE: The home user problem returns Eugene Kuznetsov (Sep 13)
- RE: The home user problem returns Marcus J. Ranum (Sep 13)
- RE: The home user problem returns Paul Melson (Sep 13)
- Re: The home user problem returns Mason Schmitt (Sep 13)
- RE: The home user problem returns Paul Melson (Sep 13)
- Re: The home user problem returns R. DuFresne (Sep 13)
- Re: The home user problem returns Mason Schmitt (Sep 13)
- RE: The home user problem returns Paul Melson (Sep 13)
- Re: The home user problem returns Paul D. Robertson (Sep 13)