Re: trust and identity on the internet

From: david.preiss@yale.edu
Date: Tue Mar 23 2004 - 15:51:19 PST


What a technically complex thing, Bill! I just realized how aliterate I
am concerning IT! This was an enlightening note! Let us hope that Bill
Gates will not achieve his goal of charging us for sending e-mails!
David

Quoting Bill Barowy <wbarowy@attbi.com>:

> On Monday 22 March 2004 9:27 pm, david.preiss@yale.edu wrote:
> > And what will happen with our email identities once we have to pay
> for
> > sending emails? Would that stop spoofing in a "cheaper" way,
> > technologically speaking, but in a more expensive way,
> democratically
> > speaking? What is the exchange value of trust? What is its use
> value?
> > What is more expensive, to trust somebody's identity by default or
> to
> > mistrust somebody's by default? It seems that our biological
> > disposition is to trust those that are immediately close to us (ask
> a
> > developing baby) but we can be very sophisticated in developing
> > cultures of mistrust to the others.
>
> These are compelling socio-technological questions, David. There's
> an old
> cartoon "On the Internet no one knows your a dog" which has a dog
> sitting at
> a computer. How do we get to know people? Another way to ask this
> is how do
> we normally verify people's identities?
>
> Sometimes we do it face to face (f2f). I've met several xmca'ers
> first
> through this medium, but I felt highly interested in meeting them
> f2f.
> Sometimes this was through conferences, but other times just through
> having
> dinner together when my travel brought me near to them, or them near
> to me.
>
> Sometimes we rely upon a third party, such as the state or federal
> government.
> We trust the government to make the verification for us -- the
> process of
> authentication. A driver's license or passport or perhaps a birth
> certificate. But then we try match the face with that on the ID if
> we really
> want to be safe(r).
>
> Being on line poses special problems. Right now there is little
> authentication mechanism for xmca, so I can pose as Nate, and he can
> pose as
> me, as we both did recently. (What xmca does to verify is only that
> the
> address appearing in the "from" field is in its list of members.
> since are
> both members we could send emails as each other)
>
> How did I know it was Nate spoofing to be me? Well, part of my
> identity is
> that of computer geek, and I've learned to read the signatures of
> emails. I
> was lucky, cause N did not forge everything, just the "from" address.
> By
> probing deeper into the email, and having a past record of N's posts
> to
> compare, the guess seemed like a pretty good one.
>
> The Nigerian 419 fraud takes advantage of the anonymizing qualities
> of the
> Internet to convince people to give away their bank account numbers
> and other
> socio-technical extensions of identity so that the thieves may spoof
> the
> banks into giving the thieves the victims money. Or even worse, the
> victim
> travels to the ivory coast where (s)he is held for ransom. Identity
> is not
> confined to who you think you are. It is also who others think you
> are.
>
> None of these problems are solved by paying to send emails. But how
> to trust
> someone does become a more explicit process specifically because
> mechanization is involved. It's an interesting twist of the usual
> *operations --> moves to --> mechanization* process Leont'ev wrote
> about. To
> trust someone successfully on the Internet the process goes from
> being
> completely untrusting to being more trusting, and the only
> interaction one
> ever trusts completely is with oneself. And even then that is not a
> good
> idea. First, one must make the decision not to trust a single medium
> of
> communication, not ever. And certainly not the medium of the
> Internet. Not
> only can people spoof being others, but your email can be tampered
> with as it
> is in transit, depending upon the circumstances and the configuration
> of the
> technology.
>
> So, for example, suppose you want to verify my digital signature in
> my prior
> email. You first need the encryption software, which you can
> download in
> various places, MIT being one. How do you trust the software? You
> don't.
> But the software makers also make available special codes (checksums)
> that
> you can compare with tests you run on the encryption software. And
> how do
> you trust software that runs the tests? Or the codes? It becomes
> rather
> complex and that is why the term "a web of trust" has emerged in the
> field.
> OK so suppose you finally feel comfortable, after a lot of checking,
> that the
> encryption software is (relatively) secure. Why do you need it?
> Basically
> because the medium cannot be trusted and the best way presently to
> send a
> digital signature is to encrypt it with a private key, that only the
> signer
> has access to. Tampering with the sig en route would corrupt it and
> it would
> be obvious to the person decoding the signature.
>
> For decoding and verifying my sig and email with the encryption
> software, you
> will also need my public key. It is the partner to my private key
> that I can
> share with anyone. A copy can be obtained at MIT or at various other
> servers
> around the net. How do you know it's mine? You run a test on it, and
> tell me
> the results (called a "fingerprint") by making a phone call, or
> sending them
> in regular mail, or showing it to me at AERA -- by some other medium
> than
> that which it is to be used. I tell you if the fingerprint is right.
> Using
> a differnt communication medium lowers the chance that someone will
> spoof my
> ID during this authentication. In making this verification, you are
> relying
> upon your initial check on your own software -- you build trust from
> the
> ground up. This is the point where you tell the software that my
> public key
> is verified that it does in fact partner with my private key and
> truly
> belongs to me. It will then let you authenticate my signature, and
> the
> contents of my email. The reason it can do this is because the
> signature
> changes with the contents of every email, as a function of those
> contents.
>
> Suppose we can't meet to exchange fingerprints, or we really don't
> trust the
> mail or the phone. What do we do? If we have a mutually trusted
> person, (by
> the process I just described) that person can effectively vouch for
> us. For
> example I trust you, because I trust Mike, who trusts you, and vice
> versa.
> What happens is that one builds a web of trust by building a social
> network,
> more precisely a socio-technical network, of people and software and
>
> computers and networks. At this point in time the government plays
> little
> role (except to limit us in our abilities to do what I just
> described).
>
> At the moment all of this is free, as in costs no money AND
> especially as in
> freedom of speech. And the bottom line is that unless my emails are
>
> digitally signed on xmca, and you've verified them as authentic, you
> cannot
> be guaranteed they're mine.
>
> Oh -- an another interesting thing. It is a similar process that
> your browser
> goes through with the bank or with a merchant when you are banking or
> making
> purchases on line. the banks and the merchants had to set up their
> own "web
> of trust" by the third party mechanism, such as verisign, to
> authenticate
> keys and signatures.
>
> bb
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>



This archive was generated by hypermail 2b29 : Tue Nov 09 2004 - 11:42:24 PST