[ih] email at scale

Miles Fidelman mfidelman at meetinghouse.net
Tue May 22 11:47:53 PDT 2012


Leo Vegoda wrote:
> On Tue, May 22, 2012 at 10:09:00AM -0700, Tony Li wrote:
>
> [...]
>
>> At this point, the entire notion of identity seems to have some very strong requirements for security.  And security has become pretty deeply rooted in cryptography, which is obviously an ongoing arms race. So I think you are correct that we are in fact doomed, but should try anyway.
> Assuring identity is not so difficult in controlled structures,
> like a company or government department. It is more difficult to do
> for the public at-large because there might well not be any official
> identity service. In a country where there are government issued or
> approved identity documents I can see how identity could be
> bootstrapped. How would it be done in a country where no such
> service exists and the majority of the population vote against the
> creation of such a service?

Pretty much any country that has some kind of economy has banks and 
notaries and such - otherwise, international contracts and business 
would be pretty much impossible.  That's a pretty good place to start.

For example, if you're a government contractor and need to get a PKI 
certificate for access to government systems - the place you start is a 
local notary.  You bring in the paperwork, along with solid id (e.g., a 
passport), and get notarized papers to forward to the keying authority.  
That works pretty well.

Or... start with credit cards.  You generally have to establish identity 
to get a bank account and/or credit card.  That's a pretty good start 
when obtaining a crypto cert.



-- 
In theory, there is no difference between theory and practice.
In practice, there is.   .... Yogi Berra





More information about the Internet-history mailing list