Re: [fw-wiz] The home user problem returns

From: Chris Blask (
Date: 09/13/05

  • Next message: Dale W. Carder: "Re: [fw-wiz] The home user problem returns"
    To: "Paul D. Robertson" <>
    Date: Tue, 13 Sep 2005 11:14:45 -0400

    At 10:47 AM 9/13/2005, Paul D. Robertson wrote:
    >On Mon, 12 Sep 2005, Chris Blask wrote:

    Hey Paul!

    > > The problem is that, without any sort of identity (and there is
    > > exactly 0.0000% of net traffic using anything worth calling
    > > identity), it is impossible to treat Identified traffic and Anonymous
    > > traffic differently, as they logically deserve.
    >Two words: Identity Fraud.

    ?! (I'll never see that again without thinking of Scooby Doo -
    thanks, P Melson! ;~)

    Not sure where you were going with that, but my point is that I (as a
    network owner) can choose to treat Identified traffic with one (or
    more) level of trust and Un-Identified traffic with another
    (logically much lower) level of trust.

    I have to correct my "0.0000%" comment, as well. There is actually
    quite a lot of practical Identity being used on the net, *we* just
    have not provided much of it. Anyone who buys and sells on eBay or
    orders something online is using Identity to a level that is
    acceptable to the other party. As long as the level of fraud in
    these transactions is similar-to or lower-than the level of fraud in
    non-net transactions, then the methods they are using are correct.

    > > Decentralized, distributed responsibility. If I own an auth server
    > > then I am responsible for the activities of those who use it. If I
    >You're willing to be responsible for your user's behavior? After they're

    Sorry, incorrectly stated: I'm willing to be responsible for knowing
    who the real human is who has used my Identity service.

    >Just like the encryption boundary problem that is the reason SSL is
    >severely broken as a concept, the use of identity can't be done in a
    >system that's not closed, and we don't have the methods, technologies or
    >wherewithall to close the software, transport and physical endpoints

    We use identity in the physical world in a way that allows us to
    function, with all sorts of weaknesses in that identity process
    (sure, put a picture on my credit card, no-one will look at it; my
    Mother's Maiden Name, are you serious!?!)).

    IMHO, the reaons we have no success as an industry in providing
    Identity on the net is that we search for a "DNA-Sample" level of
    verification. We don't do this in the real world but succeed in
    moving trillions of dollars in assets back and forth every day. In
    my own Living With Chaos view of the world, complex problems are
    solved by dividing them into chunks until the pieces can be
    digested. If there aren't huge chunks of this problem that can be
    digested easily (look at eBay), then the beer is on me... :~)



    I'm not good in groups. It's difficult to work in a group when you're

    -Q, Star Trek

    Chris Blask

    +1 416 358 9885

    firewall-wizards mailing list

  • Next message: Dale W. Carder: "Re: [fw-wiz] The home user problem returns"