[186651] in North American Network Operators' Group
Re: de-peering for security sake
daemon@ATHENA.MIT.EDU (Damian Menscher via NANOG)
Sun Dec 27 01:20:12 2015
X-Original-To: nanog@nanog.org
In-Reply-To: <CAEmG1=ou3ykHUqV4LSsc5AL-Rn1k6GsPK2Rv7Hwj4MaWHuQXTw@mail.gmail.com>
Date: Sat, 26 Dec 2015 22:17:23 -0800
To: Matthew Petach <mpetach@netflight.com>
From: Damian Menscher via NANOG <nanog@nanog.org>
Reply-To: Damian Menscher <damian@google.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Sat, Dec 26, 2015 at 10:06 PM, Matthew Petach <mpetach@netflight.com>
wrote:
> Thanks for the reminder to look at it from multiple perspectives.
>
The key attribute missing from the discussion so far is that the factors be
*different*, from the set of:
- something you know (password / PIN)
- something you have (keyfob / OTP generator / chip)
- something you are (fingerprint / retina scan)
Claiming a passphrase and key are two "factors" is missing the point --
they both come from the same set (a secret which could be cloned). If you
believe those are two factors then a password alone is 10 factors (one for
each character)! ;)
Damian
