From owner-mcg-talk@localhost Mon Apr 21 13:12:01 1997
Return-Path: owner-mcg-talk@novaware.cps.softex.br
Received: (from majordom@localhost) by localhost (8.8.5/v3.2) id NAA12385
    for mcg-talk-outgoing; Mon, 21 Apr 1997 13:12:01 -0300
Date: Mon, 21 Apr 1997 13:12:01 -0300
Message-Id: <199704211612.NAA12385@localhost>
From: "268791"
Subject: Authenticating identities
Sender: owner-mcg-talk@novaware.cps.softex.br
Status: RO
X-Status:

Much discussion of authenticating the identity of an unknown correspondent assumes that the concept of identity is simple. I believe that it is complex, and that it would be a valuable function of an RFC on the subject to introduce new clarity into the discussion.

(Although the discussion has been prompted by electronic communications, they are not different in principle from letters, telex or fax; but they are different in degree, in having less extraneous material to supplement the effect of their content in identifying their source. The problem is therefore not new, although now greater, and one must from time to time remind oneself that social and commercial life mostly run quite smoothly despite the risks of forgery.)

When you receive a communication from an unknown person ("UP"), what exactly do you want to know about them? Asking the question in this broad way leads to the obvious conclusion that it depends on circumstances. Here are a few illustrations of the questions you might feel the need to have answered, depending on the message:

1 Is UP truthful?
2 Has UP the means to pay me?
3 Is UP really the author of "Tom Sawyer"?

You might suggest that a more basic question would be:

4 Is UP who he says he is?

But although this looks more basic, I suggest that on analysis it emerges that this question is just an abbreviation for a fuller list of questions much more like those in 1, 2 and 3.

No doubt every human being is born with some unique and unalterable characteristics, such as DNA sequences and fingerprints.
But these characteristics are not useful for identifying people in ordinary circumstances. No doubt it would be useful if people were also born with a unique and unalterable name, but they are not. Even in those countries where the law requires that every person should have an official name, I doubt that no two people ever have the same name, even within one country. And there are many countries, such as the United Kingdom, where people can change their names without formality or official records, and can use several names for different purposes, none of which are more truly theirs than any other. (Authors and entertainers commonly use several names.)

Without wishing to be philosophical about this, a person is the aggregate of his past. He is the person who was born at some place and time (known to him only by the assertions of others), was educated at this and that school and university, has held this and that employment, published these papers, become known to this bank or mortgage lender, those neighbours and these friends, owns these assets and has those debts, has that appearance and this signature (at the moment), committed that crime, left these fingerprints at the scene, etc, etc.

To identify someone is to assemble a collection of facts which are true of that person and no other. Which facts are necessary depends on which are available, and which are provable by convincing evidence, and which are relevant for the purpose for which the question is asked. To pick a simple example, if the man charged with the crime is seen on video footage committing it, and has the same DNA and fingerprints of which evidence was found at the scene, his name and place of birth are irrelevant: he has been identified as the criminal. (The example is sketchily stated, I know, but I hope the point is plain.)

The purpose of these observations is to demonstrate that it would be useful for the RFC to articulate clearly the content of any concept of identity that it employs.
An identity, in one sense, is the relationship between two entities, whether geometrical figures, values of currencies, etc. In the case of a person, what is the other entity and what is the relationship?

This is closely connected, of course, with the practical question of what evidence is adequate to establish the relationship defined. Verisign Inc class 3 certificates require personal attendance before a notary and presentation of three forms of identification such as passport, driver's licence, credit card, etc. This does not seem a very high standard, but it is at least clear and practical. It does not prevent impersonation by well-organised criminals, or by any government. That is probably a drawback of every form of evidence designed to be available to a wide range of persons and to identify them to others with no previous knowledge of them.

In the ordinary course of social and commercial relationships, of course, people are identified to one another by a wide range of informal evidence accumulated over time. This often provides a more secure assurance less open to impersonation. It is this kind of distributed and slow authentication that is represented by PGP key signatures.

Perhaps some amalgamation of the one-shot and accumulative approaches to authentication could be identified in the RFC.

Regards,

Nicholas Bohm
------------------------------------------------------------------------
Salkyns, Great Canfield, Takeley, Bishop's Stortford CM22 6SX, UK
Phone 01279 870285 (Internationally +44 1279 870285)
Fax 01279 870215 (Internationally +44 1279 870215)
Mobile 0860 636749 (Internationally +44 860 636749)