[18105] in cryptography@c2.net mail archive
Re: solving the wrong problem
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Sat Aug  6 18:29:48 2005
X-Original-To: cryptography@metzdowd.com
To: "Steven M. Bellovin" <smb@cs.columbia.edu>
Cc: John Kelsey <kelsey.j@ix.netcom.com>, cryptography@metzdowd.com
From: "Perry E. Metzger" <perry@piermont.com>
Date: Sat, 06 Aug 2005 17:36:46 -0400
In-Reply-To: <20050806211624.8B2E53BFECD@berkshire.machshav.com> (Steven M.
 Bellovin's message of "Sat, 06 Aug 2005 17:16:24 -0400")

"Steven M. Bellovin" <smb@cs.columbia.edu> writes:
> Tickets are an excellent use for this, because it binds the printing to 
> a specific physical object.  The concert industry has had a problem 
> with trying to use print-at-home tickets -- the fraudsters buy a single 
> ticket, then print it multiple times and sell the resulting tickets to 
> others.  One group is resorting to requiring ID at the door -- buyers 
> will never have a physical ticket until after they're escorted inside, 
> to eliminate the opportunity for such fraud.  (See
> http://www.nytimes.com/2005/08/06/arts/music/06scal.html for more 
> details.)

The threat model is slightly more complex than that. The industry
doesn't want people reselling real tickets, either, which is one
reason that physical objects aren't enough. In fact, the NY Times
article you cite mentions people being physically escorted in to
prevent resale as well as duplication.

> Yes, you could do everything via an online system based on identity 
> documents.  Apart from the privacy implications, and the problem of 
> coping with network failures just prior to the start of a concert or 
> game, dealing with the multiple forms of ID people carry isn't easy; it 
> requires a fair amount of preparation and infrastructure.  As I said, 
> people may be moving in that direction, but the article itself called 
> the scheme "laborious"; the band's manager called it "unbelievably 
> cumbersome".

A variant on the moviefone.com model might work better for these folks
-- have the person buy the tickets with a credit card, and use a
machine to check that they are in physical possession of said card
when they enter the theater. Most people will not loan their cards to
strangers, so the model works reasonably well without excess amounts
of supervision by humans.

> I don't disagree with Perry's basic statement -- that a lot of people 
> try to solve the wrong problem.  Here, though, we have a tool.  It 
> remains to be determined if it's a hammer, screwdriver, or wrench, and 
> hence what problems to apply it to.

Oh, sure, I think it may be a fine tool, but it is a very narrow tool,
and possibly a hard one to use. It might make sense for offline
authentication of printed bearer financial instruments (like currency)
based on a digital signature on the "fingerprint" information and
similar stuff. My problem is with the claimed use in identity
documents, which seems entirely wrongheaded...

Perry
---------------------------------------------------------------------
The Cryptography Mailing List