Security-by-credential or security-by-inspection
Tim May
tcmay at got.net
Thu Nov 8 09:46:26 PST 2001
The confusion "Nomen Nescio" shows in thinking that an is-a-person
government tracking system fixes the airline security problem is common
these days. It's the same confusion that causes many to think national
I.D. cards will fix current pressing problems. They won't.
This is the same "security ticket" problem that shows up in computer
security with malicious actors obtaining passwords or other access
permissions.
The time-honored alternative for airline security, and many other types
of security, is to not rely on permission slips or identity credentials.
Rather, it is to PHYSICALLY inspect.
Think of this as a "capability," in OS/KeyKOS/E language terms. Instead of
some security or identity credential, a direct determination that an
object (passenger) can only have certain kinds of access and property
combinations ("no bombs allowed with passenger"). The way to ensure that
an object or agent does not go outside certain bounds (e.g., to erase or
overwrite files) is not to trust some issuer of a credential from afar
but to require specific allocation of access rights in the object or
actor itself. (This is not meant to be the most concise or elegant
phrasing of what capabilities are. Cf. the usual sources, including
Hardy, Tanenbaum, Miller, etc.)
Now if El Al or another airline wishes to require identity credentials
issued by California or Israel or whatever, this is their choice (in a
free market, that is). As I have written about in the past, some
airlines already use credentialling systems very similar to a
"web-of-trust" or "introducers" model. Private transport companies, for
example. Much the way companies hire people they know, or get to know.
"Vouching for" and all that stuff.
There is no one single security model. Security is part of an ecology of
actors, with methods, capabilities, and propagation of belief/trust
issues.
The problem I have with the current regime of soldiers with M-16s
demanding identity credentials is the simple-minded nature of it, losing
the nuances of market alternatives, and accelerating trends toward an
identity-centric state.
Nomen Nescio and others should read Chaum's "Credentials without
identity" papers. A true name is just another credential, not
necessarily more important than any of several other credentials. People
should think deeply about this issue.
--Tim May, Citizen-unit of the once free United States
" The tree of liberty must be refreshed from time to time with the blood
of patriots & tyrants. "--Thomas Jefferson, 1787