- From: Chuck Wade <Chuck@Interisle.net>
- Date: Thu, 15 Jun 2006 22:20:44 -0400
- To: Chris Drake <christopher@pobox.com>
- CC: public-usable-authentication@w3.org
Chris, I would not characterize my comment as expressing "highly negative sentiment." I'm just being pragmatic. If the "problem" is abuse and fraud in the context of online services built on top of the Web model, then authentication is only one part of the overall security problem. For example, what about "access control?" It depends on authentication, but even if the authentication is perfect, there are still ways for an authenticated party to gain unauthorized access to information or services (e.g., privilege escalation). Another example is non-repudiation where authentication again plays a role, but cannot by itself prevent a party from repudiating a transaction, or details of a transaction. Authentication also depends on practices and procedures for enrolling users, organizations and Web sites that can be attacked and compromised. The result might be that an illegitimate party is erroneously enrolled, which would allow them to authenticate as though they were legitimate, no matter how effective the authentication measures might be. The larger point I was trying to make, and that Phillip had already stated quite well, is that we need to improve on the existing solutions, even though we will never fully solve all of the problems. We just need to make things get better, hopefully much better. And to that end, "effective *mutual* authentication" is very important. ...Chuck Chris Drake wrote: > Hi Chuck, > > Friday, June 16, 2006, 7:18:53 AM, Chuck wrote: > > >> It is also worth noting that even the most effective mutual >> authentication techniques do not solve the problem either, ... >> > > That's a pretty sweeping, highly negative sentiment! What, exactly, > do you mean? I can only guess that your idea of "most effective" > isn't really "most effective", and you probably meant something else? > > There's a *lot* of highly effective technology out there - can you > narrow your statement down and point the finger at which ones you're > unhappy with, and why? > > Kind Regards, > Chris Drake > > > > >
Received on Friday, 16 June 2006 02:20:58 UTC