[cap-talk] Definition of Authentication on wiki.erights.org

Matej Kosik kosik at fiit.stuba.sk
Sat Sep 5 07:04:26 EDT 2009 

Karp, Alan H wrote:
> Matej Kosik wrote:
> 
>> - authentication of documents
>>   (determining the principal that issued them)
> 
> I may not know the principal who issued a document, but I still may be interested in authenticating it, e.g., an Egyptian papyrus.

This is also a good example. If we are given "proof carrying statement"
concerning a given papyrus, we do not need to authenticate the issuer of
a given statement. The problem is that we cannot verify the the proof
(unless we devote few years to studying a given area). This is when
authentication. If most professionals reject given proof, we need not to
study it, we will reject it too. This algorithm sometimes backfires (we
accept false statements and we reject true statements) but that is not
completely avoidable and authentication is still useful.

> 
>> - authentication of coins and bank notes
>>   (you want to be sure that they were issued by the central bank
>>    rather then printed by random person with a printer)
> 
> But I could equally well be interested only in authenticating their gold content.
> 
>> Capabilities would made it too easy to buy and sell votes.
> 
> Many localities in the US allow people to vote by mail.  Voters get anonymous paper ballots and envelopes that they sign when returning the ballots.  An unsealed, signed envelope and a blank ballot constitute a capability to cast a vote.  I guess these localities have decided that the risk of vote buying is acceptable.
>> I disagree. If a soldier (or a war machine) gets a command, it is very
>> relevant who issued that command.
>>
> Not at all.  It is quite likely that the soldier never heard of the captain who issued the order.  The soldier honors an order because of how he got it, either from a person he knows or over a channel he trusts.

Ok then, without increasing risks, soldier is in the simpler situation,
he simply obeys all commands given through a communication channel.
Maybe other kinds of communications are minimized but are still present
and then authentication (even if it is not computer-aided) is still
relevant.

>> Another example: If I get a scientific article, it is very relevant who
>> wrote it and what credibility given person has. I do not want to waste
>> my time to read the whole internet to find credible information.
> 
> Which makes it very hard for new entrants to a field to get heard.  It's a real problem and one motivation for double blind refereeing.  It's also the reason I oppose unrefereed publication.  It is more likely that you will read a refereed article because it was published in a place where you previously found articles worth reading.  In that case, you don't recognize the author, and you don't know who refereed the article, but you trust the publisher who probably never read the article.

Ok. Maybe that was a bad example.

>> Another example: You have a piece of software. We already know how to
>> follow POLA and POLA may be enforced over that software which is good
>> but it is always interesting (if a given software does not work as
>> expected) to determine its genuinity. You can blame vendor only for
>> genuine software not for fakes.
>>
> An example of authentication that doesn't involve identity.  For example, if someone you trust gives you the hash code of the software, you can authenticate it without knowing who wrote it.

I think identity is still present. My authentication process determines
whether hashes were issued by subject(s) I trust.

Regards,
-- 
Matej Kosik

More information about the cap-talk mailing list