[clue-talk] ID's and Webs of Trust
Jed S. Baer
thag at frii.com
Sun Jun 12 13:46:06 MDT 2005
Just got the website updated for the June DTC meeting KISS session. I
don't completely yet grok all of what CACert is doing, but it sounds
interesting.
But there's a little hitch in the giddyup, I think. They have an identity
"assurance" method, which ties into a web-of-trust model. So there'll be
at least 4 "assurers" at the CLUE meeting to (presumably) check IDs for
folks who want to particpate in the CACert program. What I got via e-mail
said they need 2 photo IDs. And I find that to be interesting. It's a
classic bootstrap problem. I have only one photo ID. There have been very
few times that I've had a second, and only once that I've had a third. I
can guarantee you that the times I've had those second photo IDs, they
weren't based on anything not easily falsifiable. For that matter, my
driver's license has a photo ID, but when I transitioned to that from a
non-photo variety, there's wasn't anything about it different from a
normal renewal process -- oh, you have an existing license which needs
renewal, but we're taking your picture this time. The times when I've had
two photo IDs, the second has been a company ID badge. Not much to that,
just satisfying the I-9 form.
Anyone who's been following the debate over the "RealID" act (which was
passed by tacking onto other legislation, rather than actually getting a
hearing on its own merits) has heard of how easy it was for the 9/11
hijackers to get drivers licenses. Without going into details, fake ID is
no big deal. For example, there's a provision in the procedure for getting
a US passport which allows part of the identity requirements to be
satisfied by having someone else vouch for you.
Webs of trust are interesting and useful things, but it seems to me that
without a verifiable chain of authentication of identity, they really are
based on just that, trust.
jed
--
http://s88369986.onlinehome.us/freedomsight/
Key fingerprint = B027 FEFB 4281 CC72 67D1 4237 F2D0 D356 077A A30E
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier
More information about the clue-talk
mailing list