James A. Donald (jamesd@echeque.com)
Thu, 14 Jan 1999 21:40:44 -0800
--
At 09:05 AM 1/14/99 -0800, EKR wrote:
> James, I think you're missing David's point here. I'll try
> to rephrase.
>
> A short shared secret like a PIN is too small to use alone,
> either for purposes of authentication or MEK
You are missing my point: That it is used for
authentication, and it should not be.
Our protocols are designed for the case of an anonymous
client and a nymous server. This suits some situations, but
not others. In many cases, for example when conversing with
one's bank or stockbroker, what people want is a nymous
client and a nymous server, and so people are placing a
multitude of shared secrets (PINs, credit card numbers, and
passwords) on top of the anonymous layer, in order to provide
nymity.
Twenty years ago, Diffie and Helman told us this would become
a pain.
It is now a pain. End users are now experiencing this
discomfort today.
Verisign imagined they would cure this problem by certifying
everything. While people may well want their servers
certified, they probably do not want themselves certified.
The verisign solution has not been accepted, and in any case
is not supported by today's browsers as a method of
registration, though it seems unlikely it would be accepted
by the end user even if it was supported.
My point is that current methods are being used as a
convoluted kludge for a problem they were not designed to
solve.
Both the inefficiency of the protocol, and the burden of
registration on the users, are symptoms of this.
--digsig
James A. Donald
6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
WbsJsrPoGeNKh7VfH4xKH8nRwnmQk9IrmGqFcsDM
4NiMEHvHk/SBod2Y2IXXH2/gvZYGwIOAg9/NdkqF3
-----------------------------------------------------
We have the right to defend ourselves and our property, because
of the kind of animals that we are. True law derives from this
right, not from the arbitrary power of the omnipotent state.
http://www.jim.com/jamesd/ James A. Donald
The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:18:03