(this is my 4096th lj comment - i need to get less distractible.)
no, by ‘the previous way’ i meant ‘furnishing secondary verifying personal information’ - which is what you do when you're calling in a fraud alert on your credit record, as i've recently seen first-hand.
let's start over, since i think we've been talking past each other. there are basically two problems with the current system:
1. it has replayability insecurity and various of its cousins.
2. it has a single point of moderately catastrophic failure (in the form of the SSN).
your system solves (1), but, as originally sketched, appears to make (2) worse, since all your verifying ability is wrapped up in your private key, and, if that's compromised, it may take a matter of days to even get it flagged as compromised.
‘days’ is a lot of damage worth of time. ‘hours’ would be acceptable. ‘minutes’ would be preferable. ‘days’ is right out. my claim is that, although using smart cryptography is a good idea, it's more important to reduce the degree to which there's any one document which an attacker can cause large amounts of havoc by compromising. this is actually the kind of security we're seeing develop emergently (with the more and more complex identifying questions). if we want to build a new crypto infrastructure, we should make a point of stepping forward, rather than back, in the area of error-tolerance. since there's been a lot of work on cryptographic protocols to do almost exactly this, we should be able to make some real progress here.