home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!zaphod.mps.ohio-state.edu!cs.utexas.edu!torn!cunews!revcan!micor!uuisis!tanda!marc
- From: marc@tanda.isis.org (Marc Thibault)
- Reply-To: marc@tanda.isis.org
- Newsgroups: sci.crypt
- Subject: Re: User authentication
- Message-ID: <104729351DN5.61R@tanda.isis.org>
- References: <6002@transfer.stratus.com> <1992Aug31.135512.16204@sniap.mchp.sni.de>
- Date: Tue, 01 Sep 92 11:07:06 EDT
- Distribution: na
- Organization: Thibault & Friends
- Lines: 31
-
- In article <1992Aug31.135512.16204@sniap.mchp.sni.de>
- () writes:
- ...
- >
- > What I'm trying to show you is that you will need some
- > proof that I represent IBM (I don't :-) *before* you will
- > accept my key and set up my/our "RSA account". The
-
- Not at all -- many banks provide anonomous accounts. The only
- requirement is a secure authentication mechanism that shows
- whoever is withdrawing funds is the person who opened the
- account in the first place. The usual is a number signed in
- longhand, related to, but not the same as the 'account
- number'.
-
- > original poster was saying that unidentified keys
- > are acceptable for groups - they're not, though they
- > may be alright for anonymous posting type applications.
-
- No bank will give you money just because you belong to a depositor
- organisation. You have to be designated and they must have your
- signature on file. If they have your signature, they won't give a
- tinker's dam for your "true identity". This is functionally
- indistinguishable from having the private key to match the public
- key provided by whoever opened the account.
-
- You may not have noticed the last time you opened an account, but
- I'll bet no one asked you for any proof of identity.
-
- ,Marc
-
- ---
- Marc Thibault | | Any Warming,
- marc@tanda.isis.org | Oxford Mills, Ontario | Global or otherwise,
- CIS:71441,2226 | Canada | appreciated.
-
-
