Re: A proposal for secure videoconferencing and video messaging over the Internet

Thu, 27 Jul 2000 08:10:50 -0700 

     --
James A. Donald writes:
 >  > In real life situations where one wishes a conversation to be
 >  > secure, people are most commonly authenticated by not by true
 >  > name, but  by face.

At 02:49 PM 7/26/2000 -0700, Eugene Leitl wrote:
 > We're mixing several unrelated items in one pot here. One thing is
 > authentication, the other is securety. Authentication is when Alice
 > can prove with a very high probability that the current transaction
 > is being conducted with Bob, while in the past Alice or a party
 > Alice trusts has already had dealings with Bob. This creates a
 > machinery for maintaining a private (but publicable) list of
 > identities which can build trust,

If that is all we want, we would not need any authentication at all.  We 
would merely care that Bob is the same Bob, not that he is the real Bob, 
which can be established by an un authenticated public key, as in in the 
Kong crypto system  <http://www.jim.com/jamesd/Kong/>

The proposed system <http://catalog.com/jamesd/kong/secure_video.htm> 
provides that level of security.  A message that appears to be from a 
certain account can only come from someone who know the passphrase, 
regardless of whether you can see his face or not.

However much of the time we want to establish a slightly greater level of 
security, for example that Bob is the guy who works at our company, but is 
momentarily offsite, and not another Bob working for our competitor, we 
want to link a nym to a face.

For this purpose true name credential provide no real benefit, since it is 
quite hard for the original Bob to prove he is really Bob.  One effective 
way would get an unauthenticated public key signature from him face to 
face, (as in the PGP webn of trust) and then compare it with a later public 
key signature when he is communicating with us long distance, but ordinary 
people who are not crypto experts are incapable of doing this, and even 
crypto experts like myself are just too damn lazy to do it.

Looking at someone's face, and hearing his voice, is good enough in all 
common circumstances, and common circumstances means "where the customers are".

     --digsig
          James A. Donald
      6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
      lyvUXs8pXQDFRoZ09NXrsi3Xt/zA9HmLUF0BbCtD
      4YcNxd9Kd1ppHdM22MpekXnGFWTykfXJXy+MDZAYF

Reply via email to