Slashdot Mirror

← Back to Stories (view on slashdot.org)

USPS To Provide Personal Identity Certification

Posted by timothy on from the in-their-efficient-cheerful-fashion dept.

Zentalon writes "The United States Postal Service has announced that it will provide In-Person Proofing (pdf) to physically authenticate individuals before a digital signature certificate is issued to that person. This has a bunch of interesting ramifications; for instance, I could create a simple spam filter that only accepts mail from individuals and organizations that have an authenticated certificate. It could also allow for more secure financial transactions. Anyone know if any other national postal services are planning the same thing?" Funny, they don't seem to always know where to deliver so-called first-class mail ...

5 of 259 comments (clear)

  1. Sounds like... by Klev · · Score: 4, Interesting

    Sounds like an opourtunity to charge us. This seems a lot like the door opening for the postal service's charging to send emails. Why else would they be offering to develop this amazing technology? To make our lives better?

    --

    future shocked
  2. Certificates by KeyserDK · · Score: 5, Interesting

    I recieved my official danish digital certificate(x.v509) by getting two pin codes. One via snail mail and the other when I ordered the certificate via the web. Both had to be typed in to recieve the certificate via mail.

    Seems pretty secure to me.

    The only thing it works for so far is tax stuff, and mail.

    --
    still reading?
  3. Re:The Post Office? Seriously? by Just+Some+Guy · · Score: 5, Interesting

    Definitely Verisign. The USPS doesn't think it's funny when they accidentally release your property to someone else (see also: sex.com). In fact, rumor has it that having the Postal Inspectors storm your house is not as funny as it sounds (i.e., 30 guys in attack armor carrying assault rifles vs. 5 guys like Cliff from "Cheers").

    --
    Dewey, what part of this looks like authorities should be involved?
  4. Postal employees better than you think by SuperBanana · · Score: 5, Interesting

    Complaints will be handled by people too slow to work at the Department of Motor Vehicles.

    I repeat the following story every time I hear someone insult a postal worker.

    One day I needed to get something in the mail THAT day, and I wasn't able to get down to the post office. I caught the mailman as he was driving up to the mailbox, and handed him the letter. Except I didn't have enough postage- I had forgotten about the rate increase that had happened recently.

    Now, if the guy had wanted to be an asshole, he could have refused it- but he said "you got any change? I'll put the extra postage on it when I get in" I had a quarter on me, gave it to him, and was happy that I had probably still spent less money than the gas it would have taken to get to the post office and back.

    What bowled me over was that the next day, he parked, came to the door, and handed me change. I was blown away that he bothered for such a small amount, and had expected him to (rightfully, far as I was concerned) pocket the 15-20 cents for the trouble of having to 'buy' and slap on an extra stamp for me.

    NOW, if you want to see how patient postal employees are, see what these guys did. It is incredibly funny(the part about the sender trying to argue they should get money BACK for shipping a balloon is hilarious), but there's a serious message in their absurd little experiment(which involved shipping bricks, hammers, dead fish+seaweed, etc), and I'll include their conclusion here:

    First, this experiment yielded a 64% delivery rate (18/28), an almost two-thirds success rate. (For our purposes, "delivery" constituted some type of independent handling by the USPS and subsequent contact regarding the object, regardless of whether we got to see or keep the object or whether it arrived whole.) This is astounding, considering the nature of some of the items sent. This compares with a 0% rate of receipt of fully wrapped packages from certain countries of the developing world, such as Peru, Turkey, and Egypt. Admittedly, those were international mailings, and thus not totally comparable; nevertheless, the disparity is striking.

    Second, the delivery involved the collusion of sequences of postal workers, not simply lone operatives. The USPS appears to have some collective sense of humor, and might in fact here be displaying the rudiments of organic bureaucratic intelligence.

    Finally, our investigation team felt remorse for some of its experimental efforts, most particularly the category "Disgusting," after the good faith of the USPS in its delivery efforts. We sought out as many of the USPS employees who had (involuntarily) been involved in the experiment as we could identify, and gave them each a small box of chocolate.

    We, and all scientists, owe a debt of gratitude to these civil servants. Without them, we would have had but little success in pushing the envelope.

    --
    Please help metamoderate.
  5. Old News, but Interesting by shiflett · · Score: 4, Interesting

    I was actually one of the developers of this project (three years ago), and it is funny to see that they are finally "announcing" it.

    The idea is simple, and it is actually a useful service that the USPS has the resources to provide, if they actually go through with it. Whereas SSL only authenticates the server (among other things, of course), the allocations for client authentication in SSL are optional and very rarely used. All the client needs for this is its own digital certificate, just like the server has its certificate.

    So, to get an SSL certificate, we (whether we like it or not) trust the various CAs to make certain that they are granted to the rightful owners. When it comes to client certificates, the scope of the problem becomes much larger, because you are authenticating people rather than domains. If you fail to properly identify someone before issuing the digital certificate, the point is lost.

    The USPS has post offices all over the US (their only country of concern in this case), and this fact provides the perfect platform for authenticating people. Just as with Passports, you must prove your identity in person before being authenticated.

    How do the pieces fit together? Well, it is fairly simple, but it involves a lot of existing systems, some of which are aging. You register online (providing much personal information, including what forms of ID you will be bringing with you). This generates a letter that is sent to your address (verifying your address in the process). You take this letter to the post office, and if you pass the in-person proofing, the clerk scans the barcode on the letter. This scan makes its way back to the system in about 24 hours, and then your digital certificate is generated. An email is sent to let you know, and you can then download it from the Web site after logging in.

    At any rate, I still think the general idea is a good one, and this would be a useful service for a lot of people. I hope it is successful.