[9780] in cryptography@c2.net mail archive
Re: when a fraud is a sale, Re: Rubber hose attack
daemon@ATHENA.MIT.EDU (JohnE37179@aol.com)
Mon Nov 5 15:41:44 2001
From: JohnE37179@aol.com
Message-ID: <11a.691e49d.29181fd9@aol.com>
Date: Mon, 5 Nov 2001 12:01:13 EST
To: lynn.wheeler@firstdata.com, JohnE37179@aol.com
Cc: cryptography@wasabisystems.com, egerck@nma.com,
Jason.Gruber@btinternet.com, rick_smith@securecomputing.com,
vertigo@panix.com
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
In a message dated 11/5/01 10:55:39 AM, lynn.wheeler@firstdata.com writes:
<< in the account-based financial transaction ... the requestor is the
card-holder/consumer and the authorization or service entity is the
card-holder's financial institution. >>
I think you have nailed it on the head. When authentication is viewed as the
"first link" in the chain instead of identification. The problem with all
authentication technologies in use today from biometrics to PKI to digital
certs, all finesse the identification process and push it off to some
"trusted" third party...all without clearly defining what that third party
must bring to the table.
John
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
