W3C home > Mailing lists > Public > public-wsc-wg@w3.org > April 2007

Re: Shared Public Knowledge

From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Date: Thu, 12 Apr 2007 10:27:13 +0100
Message-ID: <461DFB71.8050602@cs.tcd.ie>
To: Chuck Wade <Chuck@Interisle.net>
CC: michael.mccormick@wellsfargo.com, public-wsc-wg@w3.org

There is inertia, but that's not, e.g. a reason to annoint something
as good or inevitable. Perhaps it is a reason to push back to the
extent that that'd help.

There are also geographic variations in the amount of inertia, e.g.
our east coast is not yours; other places are, I believe, even less
like any of your coasts (in terms of legislated privacy protection).

Basically, what I dislike technically about these schemes is that
since each bank's (or, worse, service provider's) DB can be used to
try spoof me to anyone else that uses such a scheme, then any site
requiring such a scheme is potentially broadly threatening to me (as
a user). Same as with biometrics - I only have 10 fingers and a
small number of mothers-in-law's (1 in my case:-) and changing any
of those is way too hard. Weak passwords +/- funny handshakes are
way better in that respect.

Bottom line I think is that any text about this stuff would have
to contain quite a bunch of caveats.


Chuck Wade wrote:
> Stephen,
> I certainly share your sentiment, and your points are valid. However, 
> there is so much inertia behind knowledge-based queries that decrying 
> the problems with privacy and ineffectiveness are likely to be dismissed 
> by most financial services providers and the vast industry that has 
> emerged to serve this need. My observations are that many serious-minded 
> people in the financial industry see the problems with knowledge-based 
> queries, but it's hard to fight a system that has become so integral to 
> the way everything is done.
> The reality is that people will use what works--or what they /think/ 
> works. Unless preferable alternatives are presented, this W3C group 
> could come across as another bunch of Northeast liberals railing against 
> perceived privacy threats. Not only might we be ineffective, we could 
> cause some to discount the value of our collective recommendations.
> A better strategy in my mind would be to develop improved ways for Web 
> sites and user agents to authenticate each other in the every day cases 
> that matter the most. The goal should be to reduce as much as possible 
> the need for reliance on knowledge-based queries to improve 
> authentication confidence. Then, the remaining uses would be for unusual 
> circumstances where the parties are just getting to know each other, 
> such as during an account opening transaction with a financial institution.
> Put another way, the real problem with authentication based on shared 
> knowledge is /not/ that it is used at all, but that it has become /used 
> way too much./ In the absence of workable Web security, it is 
> understandable that financial institutions under strong pressure to 
> protect their customers (and themselves) will use a resource at their 
> disposal. This is analogous to the farmer who diverts a little bit of a 
> river to irrigate his fields. One farmer, not a problem. But when the 
> river's banks become lined with farms all taking their little bit, this 
> resource becomes overtaxed, and everyone suffers. Such trends cannot be 
> reversed by merely discouraging use of the river for irrigation. 
> Instead, the farmers have to be given some viable alternatives before 
> they can afford to change their ways.
> ...Chuck
> _____________________________
>    Chuck Wade, Principal
>    Interisle Consulting Group
>    +1  508 435-3050  Office
>    +1  508 277-6439  Mobile
>    www.interisle.net
> Stephen Farrell wrote:
>> Just dipping in (and out:-) quickly, but I think this is an interesting
>> aspect to think about.
>> michael.mccormick@wellsfargo.com wrote:
>>> The much maligned Mother's Maiden Name is an example of weak KBA  
>>> but much stronger ones are possible using the enormous databases of 
>>> personal data that are available from brokers today.  So I think the 
>>> SPK "anti-pattern" would benefit from being softened a bit to 
>>> acknowledge there's a place for it under certain conditions.
>> While I agree with your overall point, I think the above paragraph
>> implies that such schemes are problematic since they depend upon, and
>> thus encourage, the collection of such databases. That has two problems,
>> first, authentication schemes that are privacy unfriendly like this
>> are (IMO) problematic, and second, they inherently create a very
>> nice target DB - a good bit worse than e.g. a weak shared secret DB
>> that's protected via EKE and maybe Ford-Kaliski sharing (sorry don't
>> have a reference to hand - ask PHB).
>> Stephen.
Received on Thursday, 12 April 2007 09:37:57 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:36:44 UTC