Feeds

Of Infocard: Who keeps an eye on the guardians?

Why not PGP keysigning?

  • alert
  • submit to reddit

Business security measures using SSL

Nick Kew has raised an interesting point re: Mary Branscombe’s InfoCard piece.

It touches on “quis custodiet ipsos custodies” - who will keep an eye on the guardians? Do you have to have an unblemished reputation in order to manage identity and security? Probably not, in theory – but I bet you won’t get much buy-in from the general public (or, I hope, the press) if your past behaviour is dodgy.

So, some of the companies involved in dealing out identity/security have featured in anti-monopoly cases, have allegedly tricked people into changing their domain registration supplier by giving the impression they’re something they’re not and have failed in “due diligence” on identity generally (in one case, by giving a chancer a Bill Gates ID.

Also, the commercial concept of charging different rates for different “qualities” of identity (the cheapest needing little more than headed notepaper as “proof” of ID) seems to me to be a real gift for fraudsters – and Microsoft’s “do you want to trust all content from this provider” in IE seems fundamentally silly too (the only sensible answer is “sometimes”; not an option).

Personally, I see a need for “trusted third parties” in this space – regulated professionals similar to solicitors and “commissioners for oaths”, who can guarantee that a public key means what you think it does. But I have to admit that Pretty Good Privacy (PGP) trust seems to work well enough, although I’m not sure it will ever suit the technophobe masses.

Anyway, here’s what Nick says, and I obviously have some sympathy with it (although, in the context of the piece commented on, it raises issues rather outside the scope of what Mary was asked for: a developer’s heads-up on InfoCard technology):

“We have an established web-of-trust through PGP keysigning, that is (for end users) altogether preferable to certificate authorities. Why do initiatives like InfoCard not use this, at least as an option?

“Verisign's monopoly position seems to me altogether more damaging than Microsoft's, and I find it deeply depressing that they've been allowed to eliminate so much of the competition (e.g. buying Thawte - the other big name in the identity business) without regulatory scrutiny. And of course they are successor to Network Solutions, the worst monopoly nightmare I've ever had the misfortune to deal with in any 'net business.

“I have a great deal more trust in my colleagues whose PGP keys I've signed than I do in an industry dominated by companies with a very nasty track record.”

New hybrid storage solutions

More from The Register

next story
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
'Windows 9' LEAK: Microsoft's playing catchup with Linux
Multiple desktops and live tiles in restored Start button star in new vids
iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!
HTML 5's pretty neat ... when your browser supports it
Mathematica hits the Web
Wolfram embraces the cloud, promies private cloud cut of its number-cruncher
Google extends app refund window to two hours
You now have 120 minutes to finish that game instead of 15
Intel: Hey, enterprises, drop everything and DO HADOOP
Big Data analytics projected to run on more servers than any other app
Mozilla shutters Labs, tells nobody it's been dead for five months
Staffer's blog reveals all as projects languish on GitHub
SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn
Merger will lead to mainframe and COBOL powerhouse
iOS 8 Healthkit gets a bug SO Apple KILLS it. That's real healthcare!
Not fit for purpose on day of launch, says Cupertino
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.