trust and identity on the internet

From: Bill Barowy (wbarowy@attbi.com)
Date: Mon Mar 22 2004 - 19:55:11 PST


On Monday 22 March 2004 9:27 pm, david.preiss@yale.edu wrote:
> And what will happen with our email identities once we have to pay for
> sending emails? Would that stop spoofing in a "cheaper" way,
> technologically speaking, but in a more expensive way, democratically
> speaking? What is the exchange value of trust? What is its use value?
> What is more expensive, to trust somebody's identity by default or to
> mistrust somebody's by default? It seems that our biological
> disposition is to trust those that are immediately close to us (ask a
> developing baby) but we can be very sophisticated in developing
> cultures of mistrust to the others.

These are compelling socio-technological questions, David. There's an old
cartoon "On the Internet no one knows you're a dog" which has a dog sitting at
a computer. How do we get to know people? Another way to ask this is how do
we normally verify people's identities?

Sometimes we do it face to face (f2f). I've met several xmca'ers first
through this medium, but I felt highly interested in meeting them f2f.
Sometimes this was through conferences, but other times just through having
dinner together when my travel brought me near to them, or them near to me.

Sometimes we rely upon a third party, such as the state or federal government.
We trust the government to make the verification for us -- the process of
authentication. A driver's license or passport or perhaps a birth
certificate. But then we try to match the face with that on the ID if we really
want to be safe(r).

Being on line poses special problems. Right now there is little
authentication mechanism for xmca, so I can pose as Nate, and he can pose as
me, as we both did recently. (What xmca does to verify is only that the
address appearing in the "from" field is in its list of members. Since we are
both members, we could send emails as each other.)

How did I know it was Nate spoofing to be me? Well, part of my identity is
that of computer geek, and I've learned to read the signatures of emails. I
was lucky, because N did not forge everything, just the "from" address. By
probing deeper into the email, and having a past record of N's posts to
compare, the guess seemed like a pretty good one.

The Nigerian 419 fraud takes advantage of the anonymizing qualities of the
Internet to convince people to give away their bank account numbers and other
socio-technical extensions of identity so that the thieves may spoof the
banks into giving the thieves the victims' money. Or even worse, the victim
travels to the Ivory Coast where (s)he is held for ransom. Identity is not
confined to who you think you are. It is also who others think you are.

None of these problems are solved by paying to send emails. But how to trust
someone does become a more explicit process specifically because
mechanization is involved. It's an interesting twist of the usual
*operations --> moves to --> mechanization* process Leont'ev wrote about. To
trust someone successfully on the Internet the process goes from being
completely untrusting to being more trusting, and the only interaction one
ever trusts completely is with oneself. And even then that is not a good
idea. First, one must make the decision not to trust a single medium of
communication, not ever. And certainly not the medium of the Internet. Not
only can people spoof being others, but your email can be tampered with as it
is in transit, depending upon the circumstances and the configuration of the
technology.

So, for example, suppose you want to verify my digital signature in my prior
email. You first need the encryption software, which you can download in
various places, MIT being one. How do you trust the software? You don't.
But the software makers also make available special codes (checksums) that
you can compare with tests you run on the encryption software. And how do
you trust software that runs the tests? Or the codes? It becomes rather
complex and that is why the term "a web of trust" has emerged in the field.
OK so suppose you finally feel comfortable, after a lot of checking, that the
encryption software is (relatively) secure. Why do you need it? Basically
because the medium cannot be trusted and the best way presently to send a
digital signature is to encrypt it with a private key, that only the signer
has access to. Tampering with the sig en route would corrupt it and it would
be obvious to the person decoding the signature.

For decoding and verifying my sig and email with the encryption software, you
will also need my public key. It is the partner to my private key that I can
share with anyone. A copy can be obtained at MIT or at various other servers
around the net. How do you know it's mine? You run a test on it, and tell me
the results (called a "fingerprint") by making a phone call, or sending them
in regular mail, or showing it to me at AERA -- by some other medium than
that which it is to be used. I tell you if the fingerprint is right. Using
a different communication medium lowers the chance that someone will spoof my
ID during this authentication. In making this verification, you are relying
upon your initial check on your own software -- you build trust from the
ground up. This is the point where you tell the software that my public key
is verified, that it does in fact partner with my private key and truly
belongs to me. It will then let you authenticate my signature, and the
contents of my email. The reason it can do this is because the signature
changes with the contents of every email, as a function of those contents.

Suppose we can't meet to exchange fingerprints, or we really don't trust the
mail or the phone. What do we do? If we have a mutually trusted person, (by
the process I just described) that person can effectively vouch for us. For
example I trust you, because I trust Mike, who trusts you, and vice versa.
What happens is that one builds a web of trust by building a social network,
more precisely a socio-technical network, of people and software and
computers and networks. At this point in time the government plays little
role (except to limit us in our abilities to do what I just described).

At the moment all of this is free, as in costs no money AND especially as in
freedom of speech. And the bottom line is that unless my emails are
digitally signed on xmca, and you've verified them as authentic, you cannot
be guaranteed they're mine.

Oh -- another interesting thing. It is a similar process that your browser
goes through with the bank or with a merchant when you are banking or making
purchases on line. The banks and the merchants had to set up their own "web
of trust" by the third party mechanism, such as VeriSign, to authenticate
keys and signatures.

bb
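The sign-and-verify process described in the email (checksum the downloaded software, sign with a private key, compare the public key's fingerprint out of band, and notice that the signature is a function of the message contents), as an added example that is not part of the original email. The key pair is a toy RSA pair built from two Mersenne primes constructed for this example; real PGP keys are thousands of bits long and randomly generated, and all names here are this example's own assumptions.

```python
import hashlib

# Toy RSA key pair from two known Mersenne primes (constructed for this example;
# real keys are far larger). 65537 is coprime to (P-1)(Q-1) here, so D exists.
P = 2**61 - 1
Q = 2**31 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent: known only to the signer

PUBLIC_KEY = (N, E)     # the partner key that can be shared with anyone
PRIVATE_KEY = (N, D)    # never leaves the signer's machine


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_download(data: bytes, published_sha256: str) -> bool:
    """Compare the downloaded software with the checksum its makers publish."""
    return sha256_hex(data) == published_sha256


def fingerprint(public_key) -> str:
    """Short hash of the public key: the value read over the phone or shown f2f."""
    n, e = public_key
    return sha256_hex(f"{n}:{e}".encode())[:40]


def message_digest(message: bytes) -> int:
    # 88 bits of SHA-256, so the digest is always smaller than the ~92-bit modulus.
    return int.from_bytes(hashlib.sha256(message).digest()[:11], "big")


def sign(message: bytes, private_key) -> int:
    """The signer 'encrypts' the message digest with the private key.
    Because the digest depends on every byte, so does the signature."""
    n, d = private_key
    return pow(message_digest(message), d, n)


def verify(message: bytes, signature: int, public_key) -> bool:
    """Anyone holding the (fingerprint-checked) public key recovers the digest
    from the signature and compares it with the digest of what they received."""
    n, e = public_key
    return pow(signature, e, n) == message_digest(message)
```

A signature over one email fails to verify on any altered copy of it, and a signature altered in transit fails to verify on the unaltered email; both failures show up as a plain `False`.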

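The web-of-trust step ("I trust you, because I trust Mike, who trusts you"), as an added example, not from the original email: a small graph of who has certified whose key, with constructed names, and a check of which keys become valid because a trusted introducer with an already-valid key vouched for them. The names, the graph and the depth limit are this example's own assumptions.

```python
from collections import deque

# Constructed data: signer -> keys that signer has certified after checking
# their fingerprints out of band. "bb" is the person evaluating trust.
CERTIFICATIONS = {
    "bb":   {"mike"},
    "mike": {"david", "nate"},
    "nate": {"stranger"},
}


def valid_keys(me, certifications, introducers, max_depth=2):
    """Return {key: chain of vouchers} for every key `me` can treat as authentic.

    A key is valid if I certified it myself, or if a trusted introducer whose
    own key is already valid certified it, within max_depth hops. A valid key
    whose owner I do not trust as an introducer does not vouch for anyone."""
    valid = {me: [me]}
    frontier = deque([(me, 0)])
    while frontier:
        signer, depth = frontier.popleft()
        if depth >= max_depth:
            continue
        # Only my own certifications and those of trusted introducers count.
        if signer != me and signer not in introducers:
            continue
        for key in certifications.get(signer, ()):
            if key not in valid:
                valid[key] = valid[signer] + [key]
                frontier.append((key, depth + 1))
    return valid
```

With only Mike trusted as an introducer, Nate's key is valid (Mike vouched for it) but the key Nate certified is not, since Nate was never trusted to vouch for others.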


This archive was generated by hypermail 2b29 : Tue Nov 09 2004 - 11:42:24 PST