You're right...a central authority...but not controlling in the sense of your comment. There has to be some sort of chaining for this kind of technology to work 'well'. It doesn't do you any good if no one trusts the authenticity of your certificate. It's the same principle as certificates used for SSL enabled websites. Anyone can issue themselves a certificate that enables SSL on their website, but that doesn't mean you trust the authenticity of the site or the owner's intentions. Now on the other hand, going to a website that has a certificate that was issued from a trusted authority like Verisign allows your computer to trust the site based on the certificate trusted roots. Your browser makes some basic assumptions based on the trusted path of the certificate and assumes that the site is trusted. Verisign doesn't control anything with respect to the certificate. They only vouch for the authenticity of the certificate and its owner.
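The chaining described in the comment above, as an added example that is not part of the original post: a verifier that trusts only one root accepts a site certificate issued through that root's issuing CA, and rejects a certificate the site simply minted for itself, even though both carry the same host name and both enable TLS just fine. The names ("Example Trusted Root", "Example Issuing CA", "www.example.com") are constructed for the demo; the verification logic is Go's standard crypto/x509 path validation.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue mints a certificate for name. With parent == nil the certificate signs itself
// (a root CA, or a site that issued its own cert); otherwise parent/parentKey sign it.
func issue(name string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64))
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		// A server (leaf) certificate: bound to the host name it will be presented for.
		tmpl.KeyUsage = x509.KeyUsageDigitalSignature
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
		tmpl.DNSNames = []string{name}
	}
	signerKey, signerCert := key, tmpl
	if parent != nil {
		signerKey, signerCert = parentKey, parent
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signerCert, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// VerifyChain does what a browser does: accept leaf for host only if it chains, through
// the supplied intermediates, to a root the verifier already trusts.
func VerifyChain(leaf *x509.Certificate, intermediates, roots []*x509.Certificate, host string) error {
	rootPool, interPool := x509.NewCertPool(), x509.NewCertPool()
	for _, c := range roots {
		rootPool.AddCert(c)
	}
	for _, c := range intermediates {
		interPool.AddCert(c)
	}
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:         rootPool,
		Intermediates: interPool,
		DNSName:       host,
		KeyUsages:     []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

// Demo builds a trusted root -> issuing CA -> site chain plus a self-issued certificate
// for the same host, and reports which one a verifier trusting only the root accepts.
func Demo() (bool, bool, error) {
	const host = "www.example.com" // constructed sample host name
	root, rootKey, err := issue("Example Trusted Root", true, nil, nil)
	if err != nil {
		return false, false, err
	}
	issuing, issuingKey, err := issue("Example Issuing CA", true, root, rootKey)
	if err != nil {
		return false, false, err
	}
	site, _, err := issue(host, false, issuing, issuingKey)
	if err != nil {
		return false, false, err
	}
	selfIssued, _, err := issue(host, false, nil, nil)
	if err != nil {
		return false, false, err
	}
	chainedOK := VerifyChain(site, []*x509.Certificate{issuing}, []*x509.Certificate{root}, host) == nil
	selfSignedOK := VerifyChain(selfIssued, nil, []*x509.Certificate{root}, host) == nil
	return chainedOK, selfSignedOK, nil
}

func main() {
	chained, self, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("chained to trusted root: %v, self-issued: %v\n", chained, self)
}
```

The self-issued certificate fails with an unknown-authority error, not because anything about it is malformed, but because nobody the verifier trusts vouched for it; that is the whole of what the trusted root contributes.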
With the technology available today, the best answer to the password problem is to get rid of it.
Users would be given a personal certificate from an issuing authority that is chained to a central controlling authority. The personal cert public key would be associated with a user account or some other system that uses ACL security. That personal cert private key would be 'burned' to some sort of portable media like an ID card or thumb drive. When the private key is burned to the media, a PIN is associated with it. Resources that the user would need access to would be secured using the user account which now has an association with the cert. To access the resource, the user would be prompted to insert or attach the media with their private key and type in their short PIN number. When they are done, they take their media and leave. Of course there is much more back end crap that goes with this, but it does work if implemented correctly. The only BIG downside to this is physical security of the device which contains the private key...but it's the same concept as an ATM card that has access to your checking account as long as you have a simple 4 digit PIN...
I read the short article and did my own quick Google search and I didn't find anywhere stated that the MP3 format was anything less than CD quality (192kbps)...Why is it assumed that since something is new and different that it's immediately bad...on /. for that matter?