[2548] in WWW Security List Archive
Re: Security/Privacy of Certificates in Netscape 3.0
daemon@ATHENA.MIT.EDU (Adam Shostack)
Tue Jul 30 09:34:29 1996
From: Adam Shostack <adam@homeport.org>
To: meijer@verisign.com (Paul Meijer)
Date: Tue, 30 Jul 1996 07:16:47 -0500 (EST)
Cc: www-security@ns2.rutgers.edu, gene@hpfsvr01.cup.hp.com
In-Reply-To: <2.2.32.19960729185017.006dec50@dustin.verisign.com> from "Paul Meijer" at Jul 29, 96 11:50:17 am
Errors-To: owner-www-security@ns2.rutgers.edu
SSN, Birthdate, and credit card number?
You're checking to see that someone has stolen my wallet?
Incidentally, isn't using a credit card number as a means of identity
checking a violation of your merchant agreement?
Adam
Paul Meijer wrote:
| Gene Ingram's recent message doesn't fully capture the VeriSign Digital ID
| application and issuing process.
|
| The only fields required to be in a Class 2 Digital ID are user name and
| email address. Home address is optional. The Digital ID does not contain social
| security number, birthdate or any other verification information. (The
| enrollment pages say "This information is used to verify your identity; it
| is kept confidential and NOT included in your Digital ID")
|
| SSN and birthdate, among other things, are used to authenticate identity.
| This is also why we request a credit card number. We don't charge credit
| cards for services unless we state so EXPLICITLY. We indicate that our Class
| 2 Service is in beta and we state that we do not charge the applicant's
| credit card. We do check the Equifax credit database, and we use the credit
| card check to help authenticate identity.
--
"It is seldom that liberty of any kind is lost all at once."
-Hume
