[cap-talk] Definition of Authentication on wiki.erights.org

Rob Meijer capibara at xs4all.nl
Sat Sep 5 19:33:57 EDT 2009


On Sun, September 6, 2009 00:17, Matej Kosik wrote:
> Rob Meijer wrote:
>> On Sat, September 5, 2009 21:35, Matej Kosik wrote:
>>> Rob Meijer wrote:
>>>> On Sat, September 5, 2009 13:04, Matej Kosik wrote:
>>>>> Karp, Alan H wrote:
>>>>>>> Another example: You have a piece of software. We already know how
>>>>>>> to follow POLA and POLA may be enforced over that software which is
>>>>>>> good but it is always interesting (if a given software does not work
>>>>>>> as expected) to determine its genuineness. You can blame the vendor
>>>>>>> only for genuine software, not for fakes.
>>>>>>>
>>>>>> An example of authentication that doesn't involve identity.  For
>>>>>> example, if someone you trust gives you the hash code of the software,
>>>>>> you can authenticate it without knowing who wrote it.
>>>>> I think identity is still present. My authentication process determines
>>>>> whether hashes were issued by subject(s) I trust.
>>>> There may be identity involved, but if you use a hash (from any trusted
>>>> source) to authenticate a piece of software with a trusted hash, you are
>>>> validating a property of the software (its integrity), not trying to find
>>>> out which of your friends might have signed it.
>>> I disagree. When I download some package via apt-get, the given package is
>>> digitally signed. During the authentication procedure I check whether that
>>> given package was released by Debian developers. In other words, I check
>>> who is at the other end of the communication channel through which I
>>> downloaded that package.
>>
>> Please stop changing the examples mid-way, we were talking about a hash,
>> not a signature.
>>
>>> Do not confuse this with checking of integrity. This is not what happens
>>> here. Debian developers could distribute a modified version of the
>>> software. In order to check integrity, I would have to have those hashes
>>> in advance, which I do not have. I therefore rely on downloading software
>>> from a trusted source. Authentication does not reveal any other fancy
>>> thing but whether at the other end of the communication channel are, in
>>> my case, Debian developers.
>>>
>>> So this example of authentication fits definition 1.
>>
>> If you keep bending the examples every example will fit definition 1.
>>
>>
>>> Are there examples covered by definition 1 which should not be covered?
>>
>> No, 1 defines a perfectly good subset of authentication. That is, 1
>> defines 'subject identity authentication'.
>>
>>> Are there examples not covered by definition 1 which should be covered?
>>
>> Yes, authentication that validates object properties (like the one Alan
>> mentioned),
>
> Do you mean that:
> - I have some file (e.g. foo.tar.gz)
> - I know its correct md5sum hash
>   (e.g. 0308e7b8c023f1021702bfe033c392a4)
> - if I verify (with the md5sum program) that
>   my copy of `foo.tar.gz' has the correct hash
> then I have performed authentication? In my opinion it is mere
> verification that the given file is the one we want. This case does not
> fall under definition 1, and that is fine.

I disagree. The validation of the authenticity and integrity properties of
this object authenticates the object. This example thus shows that your
definition is flawed.

> The example changed mid-way, on the other hand, falls under definition 1
> and that is fine too.
>
> Are there examples covered by definition 1 which should not be covered?

No!

> Are there examples not covered by definition 1 which should be covered?

Yes, please re-read the other postings in this subject; there are now
multiple examples. When I first objected to this definition I only thought
it was not quite right; I'm now convinced it is absolutely wrong and
defines only a small subset of what authentication is.

Are there examples covered by definition 3 and not by 1 which should not
be covered? (I don't believe there are.)

Are there examples covered by definition 3 and not by 1 which should be
covered? (I believe there have been multiple ones of these raised that I
would hold valid.)

Rob
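The hash check that Matej spells out above (known digest in hand, run md5sum on the local copy, compare) is what Rob calls authenticating a property of the object rather than its sender. As an added example, not part of the thread or of anything on wiki.erights.org, the Python below implements exactly that check: it hashes constructed in-memory "file" contents (a stand-in for foo.tar.gz), compares them in constant time against a reference digest, and can also take a whole checksum file in the md5sum/sha256sum output format. The digest values and file names are constructed for the example. It accepts md5 because that is the thread's example; for anything published today the reference digest would be sha256 or stronger, since MD5 collisions are cheap to produce.

```python
import hashlib
import hmac

# Constructed stand-in for the thread's foo.tar.gz: a few bytes of "file" content.
SAMPLE_FILE = b"hello world"


def file_digest(data: bytes, algorithm: str = "sha256") -> str:
    """Lowercase hex digest of data under a hashlib algorithm name ("md5", "sha256", ...)."""
    h = hashlib.new(algorithm)
    h.update(data)
    return h.hexdigest()


def verify_digest(data: bytes, expected_hex: str, algorithm: str = "sha256") -> bool:
    """True iff data hashes to expected_hex under algorithm.

    This is the object-property check from the thread: it answers whether this
    copy is the bytes the reference digest describes, not who produced them.
    The trust question moves entirely to where expected_hex came from."""
    expected = expected_hex.strip().lower()
    # A reference digest of the wrong length or with non-hex characters can
    # never match, so treat a malformed reference as "no", never as "yes".
    if len(expected) != 2 * hashlib.new(algorithm).digest_size:
        return False
    try:
        bytes.fromhex(expected)
    except ValueError:
        return False
    # Constant-time comparison so a mismatch position is not leaked via timing.
    return hmac.compare_digest(file_digest(data, algorithm), expected)


def parse_checksum_line(line: str):
    """Parse one line in md5sum/sha256sum output format: '<hex>  <filename>'.

    Returns (hex, filename), or None if the line does not have that shape."""
    parts = line.strip().split(None, 1)
    if len(parts) != 2:
        return None
    digest, name = parts
    # coreutils marks binary mode with a leading '*' on the filename.
    if name.startswith("*"):
        name = name[1:]
    return digest.lower(), name


def verify_against_checksum_file(files: dict, checksum_text: str, algorithm: str) -> dict:
    """Check every file named in checksum_text against the contents in files.

    files maps filename -> bytes. Returns {filename: "OK" | "FAILED" | "MISSING"},
    mirroring what md5sum -c / sha256sum -c report per line."""
    results = {}
    for line in checksum_text.splitlines():
        parsed = parse_checksum_line(line)
        if parsed is None:
            continue  # blank or malformed line: nothing to check
        digest, name = parsed
        if name not in files:
            results[name] = "MISSING"
        elif verify_digest(files[name], digest, algorithm):
            results[name] = "OK"
        else:
            results[name] = "FAILED"
    return results


if __name__ == "__main__":
    # Constructed checksum file in sha256sum format covering the sample content.
    checksums = f"{file_digest(SAMPLE_FILE)}  foo.tar.gz\n"
    print(verify_against_checksum_file({"foo.tar.gz": SAMPLE_FILE}, checksums, "sha256"))
```

Note what the code does not do: nothing in it tells you who wrote the file or who published the digest. A matching result only establishes that this copy has the property the reference describes; whether that reference is itself trustworthy is the question the signature-based apt-get example answers, and it is a separate check.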
