October 13, 2005

Ben Laurie on Identity

Ben Laurie enters the world of blogs in typical style ("Anyone who knows me knows I hate blogs") and also shows that the feeling's mutual ( ... unprintable!).

More apropos, there are some interesting posts on how to turn the MD5 collision attack into a useful attack involving primes. John Kelsey suggested one and several posts pursue it. Start here.

Even more useful, Ben's Laws of Identity and a paper describing them in more detail. Systems must be:

  • Verifiable. There’s often no point in making a statement unless the relying party has some way of checking it is true. Note that this isn’t always a requirement - I don’t have to prove my address is mine to Amazon, because it’s up to me where my goods get delivered. But I may have to prove I’m over 18 to get the porn delivered.
  • Minimal. This is the privacy preserving bit - I want to tell the relying party the very least he needs to know. I shouldn’t have to reveal my date of birth, just prove I’m over 18 somehow.
  • Unlinkable. If the relying party or parties, or other actors in the system, can collude to link together my various assertions, then I’ve blown the minimality requirement out of the water.
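As an added illustration (not from Ben's paper or this post), here is one way all three properties can hold at once, using Chaum's RSA blind signature: the issuer sees the date of birth once and signs a blinded "over18" token, the relying party checks the token against the issuer's public key alone, and the issuer's own issuance log cannot be matched by value to the token later presented. The toy Mersenne primes, the fixed age cutoff, and the `Issuer`, `obtain_credential`, `verify` and `issuer_can_link` names are all constructed for this example.

```python
"""Verifiable, minimal, unlinkable: a toy "over 18" credential built on
Chaum's RSA blind signature.  Constructed example, not part of the post."""
import hashlib
import secrets
from datetime import date
from math import gcd

# Toy RSA key dedicated to the "over18" claim (constructed; these
# Mersenne primes are far too small for real use).
P = 2**127 - 1
Q = 2**89 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private exponent

# Constructed cutoff: born on or before this date counts as over 18.
CUTOFF = date(1987, 10, 13)
SAMPLE_ADULT_DOB = date(1980, 5, 17)   # constructed sample inputs
SAMPLE_MINOR_DOB = date(1995, 1, 1)


def claim_digest(claim: str, nonce: bytes) -> int:
    """Hash the minimal claim plus a user-chosen nonce into Z_N."""
    h = hashlib.sha256(claim.encode() + nonce).digest()
    return int.from_bytes(h, "big") % N


class Issuer:
    """Checks the date of birth, signs a blinded token, keeps a log."""

    def __init__(self):
        self.log = []  # everything the issuer could retain per session

    def sign_blinded(self, dob: date, blinded: int) -> int:
        if dob > CUTOFF:
            raise ValueError("not over 18")
        signed = pow(blinded, D, N)
        self.log.append((dob, blinded, signed))
        return signed


def obtain_credential(issuer: Issuer, dob: date, claim: str = "over18"):
    """User side: blind the claim, have it signed, unblind the result."""
    nonce = secrets.token_bytes(16)
    m = claim_digest(claim, nonce)
    while True:                      # blinding factor coprime to N
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    blinded = (m * pow(r, E, N)) % N
    signed = issuer.sign_blinded(dob, blinded)   # (m * r^E)^D = m^D * r
    sig = (signed * pow(r, -1, N)) % N           # strip r: m^D
    return claim, nonce, sig


def verify(claim: str, nonce: bytes, sig: int) -> bool:
    """Relying party: only the issuer's public key (N, E) is needed."""
    return pow(sig, E, N) == claim_digest(claim, nonce)


def issuer_can_link(issuer: Issuer, claim: str, nonce: bytes, sig: int) -> bool:
    """Could the issuer match a presented token to a session by value?
    With blinding, neither the digest nor the signature is in its log."""
    m = claim_digest(claim, nonce)
    return any(m in (b, s) or sig in (b, s) for _, b, s in issuer.log)


def run_demo() -> dict:
    """Issue one credential and report the three properties."""
    issuer = Issuer()
    claim, nonce, sig = obtain_credential(issuer, SAMPLE_ADULT_DOB)
    return {
        "verifiable": verify(claim, nonce, sig),
        "minimal": claim,                       # all the relying party sees
        "unlinkable": not issuer_can_link(issuer, claim, nonce, sig),
        "wrong_claim_rejected": not verify("over21", nonce, sig),
        "sessions_logged": len(issuer.log),
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(f"{k}: {v}")
```

Minimality here is a design choice rather than a cryptographic property: the key is bound to a single predicate ("over18"), so the issuer knows what it is certifying without seeing the blinded value, and the relying party learns nothing beyond that predicate. Unlinkability follows from the blinding factor `r`, which the issuer never learns.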

Which is looking good, and it is nice to see some critical attention to Kim Cameron's Laws on Identify(ing Microsoft's Future Customers). (See also Stefan Brands' blog for more on identity.)

Mind you, Ben claims that x.509 is not suitable because "standard X.509 statements are verifiable, but not minimal nor unlinkable." I'm troubled by that word "verifiable." Either an x.509 cert points to somewhere else and therefore it in itself is not verifiable, just a reliable pointer to somewhere else, or the somewhere else is included in which case we are no longer talking about x.509.

Still, this is one of those debates where words twist their meaning faster than the average security guy can think, so let's save that for the bar.

Welcome!

Posted by iang at October 13, 2005 03:03 PM | TrackBack
Comments

Stefan's last name is Brands, not Brand. :-)

Posted by: Daniel A. Nagy at October 14, 2005 10:36 AM

The shame! Ok, ta, fixed now.

Posted by: Iang at October 14, 2005 02:09 PM