
Re: global names are a security flaw



On Thu, 4 Dec 1997, Bill Buffam wrote:

-> Ed Gerck wrote:
-> > 
-> > 
-> > My fingerprint, retina scan and DNA sequence are three examples of
-> > global names. Their existence would never mean a security flaw -- on the
-> > contrary, they may allow me to prove innocence in court.  Conversely,
-> > to pick a simple example (cf Bohm), if a man charged with a crime is seen
-> > on video footage committing it, and has the same DNA and fingerprints of
-> > which evidence was found at the scene, his birth name and place of birth
-> > are irrelevant:  he has been identified as the criminal by his global
-> > "names":  fingerprints and DNA.
-> 
-> Seems to me that biometrics are all well and good, except that you have
-> the fundamental bootstrap problem of securely associating the biometric
-> with the proper person. 

My example of biometrics was just to show that global names not only exist
but are also definitely not a security or a privacy flaw. Rather, they
were used in my posting with a Gedankenexperiment to show that global
names can indeed enhance security while keeping privacy.

My second example, using Carl's PGP key-fingerprint, did not use any
biometrics and provided an example of a global name that enhances security
(and as such is used in Carl's e-mail footer) while keeping privacy if
seen all by itself.

Carl's declarations that global names are a security flaw can thus be
easily seen to be the reverse -- with or without biometrics. 

-> [snip, discussion of biometric credentials]
-> Equipping them with those credentials, even supposing it's
-> ethically and politically feasible, runs into precisely the kind of
-> problem Carl described.

No, these are three entirely different problems:

1. Global names are not a security flaw. Period.

2. Biometrics have limited application. Agreed, but beside the point.

3. "the kind of problem Carl described" could just as well be exemplified 
   with local names. It is due to a poor protocol, not to a poor naming
   scheme. It has nothing to do with a "flaw" of global names. 

Cheers,

Ed

______________________________________________________________________
Dr.rer.nat. E. Gerck                        egerck@laser.cps.softex.br
http://novaware.cps.softex.br

