Re: The home user problem returns

[Chris Blask <chris () blask org>]

At 05:37 PM 9/13/2005, Paul D. Robertson wrote:
> On Tue, 13 Sep 2005, Chris Blask wrote:
>
> > Hey <again> Paul!
>
> My point is that identification is *hard*- it's a boundary problem, and we
> don't have a solid boundary.  That means that abuse is easy- an attacker
> will just come through as someone else, so everyone will be "identified,"
> they just won't necessarily match their identification.

Parts of Identity need not be so hard to manage.  I have not heard of 
eBay having a huge problem with people stealing other users' 
Identity, for example.

"Something you have, something you know."  The "have" is the 
computer, which you are correct to say can be compromised.  The 
"know" need not be so easily compromised.

> > Sorry, incorrectly stated: I'm willing to be responsible for knowing
> > who the real human is who has used my Identity service.
>
> But you don't- you know who's credentials were used, and that's it.
> That's pretty far from knowing who the user is.

If someone stores their "know" on the "have" (their computer) then 
they have left their keys in the car.  Insurance companies already 
know how to deal with that - "sorry about the stolen car but it's 
your fault therefore you are legally responsible for the loss.  Have 
a Nice Day."

To follow the analogy, we are the auto industry and we have yet to 
tell people how to keep their keys and cars separate (or make it 
reasonably possible to do), so it's hard to blame people when their 
car is used in a drive-by...

.d.
> No, I'm not advocating doing nothing if it's not perfect, I'm saying that
> the proposal is lost because it has flaws that will surface more quickly
> than they can be fixed.  Trojans have rendered that not workable until we
> tone down the Trojan problem, which is why this thread is important.

No doubt there are intertwined problems, here: not only are the cars 
and keys kept together, but we've provided houses with no locks so 
Folks can't even put their keys in the kitchen and be safe...  Time 
and experience (and sh*tloads of sweat) will let us fix the things we 
need to fix so we can fix the things we want to fix...

I'm locked in Lifelong Reno Hell at home, for example:  I put a floor 
in one building this year but I needed to level it first, which in 
turn required replacing supporting beams, which you can't get to 
without ripping off a porch, in the process of which you drop a 
backhoe in the septic.  :).  But there's a new floor there now, 
wheelchair access where the porch was and I needed to replace that 
bloody septic, anyway...

But if you take too long thinking about it the building just collapses....

.d.
> > If there aren't huge chunks of this problem that can be
> > digested easily (look at eBay), then the beer is on me...  :~)
> >
>
> The beer's on you anyway!
>
> Paul "I can identify a beer donor a mile away" Robertson

Didn't that "Sucker" tattoo on my forehead wear off by now...?

-chris "walked into another one" blask



Make things as simple as possible but no simpler.

- Albert Einstein

Chris Blask
chris () blask org
http://blaskworks.blogspot.com

+1 416 358 9885