[45322] in Cypherpunks
Re: Usability of Cryptography (was Re: More FUD from First Virtual)
daemon@ATHENA.MIT.EDU (Nathaniel Borenstein)
Wed Dec 13 08:29:08 1995
Date: Wed, 13 Dec 1995 08:13:06 -0500 (EST)
From: Nathaniel Borenstein <nsb@nsb.fv.com>
Reply-To: Nathaniel Borenstein <nsb+limbo@nsb.fv.com>
To: bryce@colorado.edu, "James A. Donald" <jamesd@echeque.com>
Cc: cypherpunks@toad.com (Cypherpunks Mailing List), e$@thumper.vmeng.com
In-Reply-To: <199512130722.XAA11947@blob.best.net>
Excerpts from mail.limbo: 12-Dec-95 Re: Usability of Cryptograp.. "James
A. Donald"@echequ (1242*)
> If we stick to a lesser goal -- constancy of identity --
> this is not so hard. In general it is impossible to prove that
> Bryce is the "real" Bryce, but it is trivial to prove that
> Bryce is the same Bryce who has a certain Web page, and the
> same Bryce who posted a certain article in archives.
Agreed completely, if you add:
"....unless the person claiming to be Bryce is someone who managed to
steal secret keys from that same Bryce."
Without this clause, it seems to me you're assuming that secret keys (or
other identity-verifying tokens) can't ever be stolen. Insofar as you
use multiple things (cryptography, IP address, etc.) to identify
someone, you can make it harder to impersonate someone, but each of
these things is ultimately forge-able. -- NB
--------
Nathaniel Borenstein <nsb@fv.com> (FAQ & PGP key: nsb+faq@nsb.fv.com)
Chief Scientist, First Virtual Holdings
VIRTUAL YELLOW RIBBON==> http://www.netresponse.com/zldf
