Feeds

Of Infocard: Who keeps an eye on the guardians?

Why not PGP keysigning?

  • alert
  • submit to reddit

Internet Security Threat Report 2014

Nick Kew has raised an interesting point re: Mary Branscombe’s InfoCard piece.

It touches on “quis custodiet ipsos custodies” - who will keep an eye on the guardians? Do you have to have an unblemished reputation in order to manage identity and security? Probably not, in theory – but I bet you won’t get much buy-in from the general public (or, I hope, the press) if your past behaviour is dodgy.

So, some of the companies involved in dealing out identity/security have featured in anti-monopoly cases, have allegedly tricked people into changing their domain registration supplier by giving the impression they’re something they’re not and have failed in “due diligence” on identity generally (in one case, by giving a chancer a Bill Gates ID.

Also, the commercial concept of charging different rates for different “qualities” of identity (the cheapest needing little more than headed notepaper as “proof” of ID) seems to me to be a real gift for fraudsters – and Microsoft’s “do you want to trust all content from this provider” in IE seems fundamentally silly too (the only sensible answer is “sometimes”; not an option).

Personally, I see a need for “trusted third parties” in this space – regulated professionals similar to solicitors and “commissioners for oaths”, who can guarantee that a public key means what you think it does. But I have to admit that Pretty Good Privacy (PGP) trust seems to work well enough, although I’m not sure it will ever suit the technophobe masses.

Anyway, here’s what Nick says, and I obviously have some sympathy with it (although, in the context of the piece commented on, it raises issues rather outside the scope of what Mary was asked for: a developer’s heads-up on InfoCard technology):

“We have an established web-of-trust through PGP keysigning, that is (for end users) altogether preferable to certificate authorities. Why do initiatives like InfoCard not use this, at least as an option?

“Verisign's monopoly position seems to me altogether more damaging than Microsoft's, and I find it deeply depressing that they've been allowed to eliminate so much of the competition (e.g. buying Thawte - the other big name in the identity business) without regulatory scrutiny. And of course they are successor to Network Solutions, the worst monopoly nightmare I've ever had the misfortune to deal with in any 'net business.

“I have a great deal more trust in my colleagues whose PGP keys I've signed than I do in an industry dominated by companies with a very nasty track record.”

Choosing a cloud hosting partner with confidence

More from The Register

next story
Netscape Navigator - the browser that started it all - turns 20
It was 20 years ago today, Marc Andreeesen taught the band to play
Sway: Microsoft's new Office app doesn't have an Undo function
Content aggregation, meet the workplace ... oh
Sign off my IT project or I’ll PHONE your MUM
Honestly, it’s a piece of piss
Do Moan! MONSTER 6-day EMAIL OUTAGE hits Domain Monster
Customers freaked out by frightful service
Return of the Jedi – Apache reclaims web server crown
.london, .hamburg and .公司 - that's .com in Chinese - storm the web server charts
NetWare sales revive in China thanks to that man Snowden
If it ain't Microsoft, it's in fashion behind the Great Firewall
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.