Interesting People mailing list archives
"Dilemmas of Privacy and Surveillance" report launched
From: David Farber <dave () farber net>
Date: Wed, 28 Mar 2007 15:48:23 -0400
Begin forwarded message:

From: Anne & Lynn Wheeler <lynn () garlic com>
Date: March 28, 2007 2:43:50 PM EDT
To: dave () farber net
Cc: ip () v2 listbox com
Subject: "Dilemmas of Privacy and Surveillance" report launched

Brian Randell wrote:
Dave:

The (UK) Royal Academy of Engineering has just issued a report on "Dilemmas of Privacy and Surveillance" that will I trust be of considerable interest to IP.

From their press release at:
http://www.raeng.org.uk/news/releases/shownews.htm?NewsID=378
....
The full report is at:
http://www.raeng.org.uk/policy/reports/pdf/dilemmas_of_privacy_and_surveillance_report.pdf
this is somewhat the x.509 identity digital certificate scenario from the early to mid-90s. By the mid-90s most organizations had realized that identity digital certificates, typically grossly overloaded with personal information, represented significant privacy and liability issues. What you saw at that time was many organizations retrenching to what they called relying-party-only certificates ... containing nothing more than some sort of database lookup index and a public key. lots of past posts mentioning relying-party-only certificates
http://www.garlic.com/~lynn/subpubkey.html#rpo

in part because there had been so much information distributed that the only way to provide security was via digital certificates. however, it was trivial to demonstrate that in all of these online scenarios ... that the digital certificate was redundant and superfluous.

the original scenario for digital certificates was the electronic analogy to the offline sailing ship days involving physical credential/certificates/licenses or things like letters of credit/introduction ... for secure offline distribution of information. in the transition to online environment such instruments become largely redundant and superfluous. lots of past posts referring to using public key digital signatures for authentication .... w/o requiring digital certificates for secure offline information distribution
http://www.garlic.com/~lynn/subpubkey.html#certless

similar discussion occurred in this earlier thread (which was also to this mailing list)
http://www.garlic.com/~lynn/aadsm25.htm#46 Flaw exploited in RFID-enabled passports

the same philosophy was used in the x9.59 financial standard ... requiring authentication and authorization ... but not identification
http://www.garlic.com/~lynn/x959.html#x959

in the mid-90s, the x9a10 financial standard working group had been given the requirement to preserve the integrity of the financial infrastructure for all retail payments. part of a recent thread discussing x9.59 financial standard and some of the other events that went on in the mid-90s ... and how it continues to impact things today
http://www.garlic.com/~lynn/2007f.html#2007f.html#72 Securing financial transactions a high priority for 2007
http://www.garlic.com/~lynn/2007f.html#2007f.html#75 Securing financial transactions a high priority for 2007

in fact, in the mid-90s, we claimed that x9.59 was highly secure, contained countermeasures to a large variety of known vulnerabilities and was privacy agnostic ... other posts mentioning x9.59
http://www.garlic.com/~lynn/subpubkey.html#x959

-------------------------------------------
Archives: http://v2.listbox.com/member/archive/247/@now
Powered by Listbox: http://www.listbox.com
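
The message's point that a relying-party-only certificate (a lookup index plus a public key) is redundant in an online transaction, as an added Go example that is not code from the original post or from x9.59. It assumes the relying party registers the public key in the account record when it issues the certificate; Ed25519, the type and function names, the account index and the sample transaction are illustrative choices.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

type rpoCert struct { // relying-party-only certificate (hypothetical layout)
	Index string            // database lookup index
	Pub   ed25519.PublicKey // the account holder's public key
	Sig   []byte            // relying party's signature over Index||Pub
}

type relyingParty struct {
	issuer ed25519.PrivateKey
	onFile map[string]ed25519.PublicKey // key registered in the account record (assumption)
}

func (rp *relyingParty) issue(index string, pub ed25519.PublicKey) rpoCert {
	rp.onFile[index] = pub
	return rpoCert{index, pub, ed25519.Sign(rp.issuer, append([]byte(index), pub...))}
}

// verifyCertless authenticates against the on-file key only; no certificate is sent.
func (rp *relyingParty) verifyCertless(index string, msg, sig []byte) bool {
	pub, ok := rp.onFile[index]
	return ok && ed25519.Verify(pub, msg, sig)
}

// verifyWithCert still has to read the account record, which already holds the certified key.
func (rp *relyingParty) verifyWithCert(c rpoCert, msg, sig []byte) bool {
	pub, ok := rp.onFile[c.Index]
	return ok && bytes.Equal(pub, c.Pub) &&
		ed25519.Verify(rp.issuer.Public().(ed25519.PublicKey), append([]byte(c.Index), c.Pub...), c.Sig) &&
		ed25519.Verify(c.Pub, msg, sig)
}

// demo checks a constructed transaction both ways, then a tampered copy of it.
func demo() (certless, withCert, tampered bool) {
	rp := &relyingParty{ed25519.NewKeyFromSeed(bytes.Repeat([]byte{1}, 32)), map[string]ed25519.PublicKey{}}
	user := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{2}, 32)) // constructed test key
	cert := rp.issue("acct-1001", user.Public().(ed25519.PublicKey))
	msg := []byte("acct-1001 pay 25.00 to merchant-7") // constructed sample
	sig := ed25519.Sign(user, msg)
	return rp.verifyCertless("acct-1001", msg, sig), rp.verifyWithCert(cert, msg, sig),
		rp.verifyCertless("acct-1001", []byte("acct-1001 pay 99.00 to merchant-7"), sig)
}

func main() { fmt.Println(demo()) }
```

Both paths accept the same signed transaction and the certificate-less path rejects the tampered one, while the signed message carries only the account index and no personal data.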