Re: [fw-wiz] The home user problem returns

From: Chris Blask
Date: 09/14/05

    To: "Paul D. Robertson"
    Date: Tue, 13 Sep 2005 21:39:56 -0400

    At 05:37 PM 9/13/2005, Paul D. Robertson wrote:
    >On Tue, 13 Sep 2005, Chris Blask wrote:
    > > Hey <again> Paul!
    >My point is that identification is *hard*- it's a boundary problem, and we
    >don't have a solid boundary. That means that abuse is easy- an attacker
    >will just come through as someone else, so everyone will be "identified,"
    >they just won't necessarily match their identification.

    Parts of Identity need not be so hard to manage. I have not heard of
    eBay having a huge problem with people stealing other users'
    Identity, for example.

    "Something you have, something you know." The "have" is the
    computer, which you are correct to say can be compromised. The
    "know" need not be so easily compromised.

    > > Sorry, incorrectly stated: I'm willing to be responsible for knowing
    > > who the real human is who has used my Identity service.
    >But you don't- you know whose credentials were used, and that's it.
    >That's pretty far from knowing who the user is.

    If someone stores their "know" on the "have" (their computer) then
    they have left their keys in the car. Insurance companies already
    know how to deal with that - "sorry about the stolen car but it's
    your fault therefore you are legally responsible for the loss. Have
    a Nice Day."

    To follow the analogy, we are the auto industry and we have yet to
    tell people how to keep their keys and cars separate (or make it
    reasonably possible to do), so it's hard to blame people when their
    car is used in a drive-by...

    >No, I'm not advocating doing nothing if it's not perfect, I'm saying that
    >the proposal is lost because it has flaws that will surface more quickly
    >than they can be fixed. Trojans have rendered that not workable until we
    >tone down the Trojan problem, which is why this thread is important.

    No doubt there are intertwined problems, here: not only are the cars
    and keys kept together, but we've provided houses with no locks so
    Folks can't even put their keys in the kitchen and be safe... Time
    and experience (and sh*tloads of sweat) will let us fix the things we
    need to fix so we can fix the things we want to fix...

    I'm locked in Lifelong Reno Hell at home, for example: I put a floor
    in one building this year but I needed to level it first, which in
    turn required replacing supporting beams, which you can't get to
    without ripping off a porch, in the process of which you drop a
    backhoe in the septic. :). But there's a new floor there now,
    wheelchair access where the porch was and I needed to replace that
    bloody septic, anyway...

    But if you take too long thinking about it the building just collapses....

    > > If there aren't huge chunks of this problem that can be
    > > digested easily (look at eBay), then the beer is on me... :~)
    > >
    >The beer's on you anyway!
    >Paul "I can identify a beer donor a mile away" Robertson

    Didn't that "Sucker" tattoo on my forehead wear off by now...?

    -chris "walked into another one" blask

    Make things as simple as possible but no simpler.

    - Albert Einstein

