[cap-talk] Definition of Authentication on wiki.erights.org

Matej Kosik kosik at fiit.stuba.sk
Sun Sep 6 00:13:31 PDT 2009 

Rob Meijer wrote:
> On Sun, September 6, 2009 00:17, Matej Kosik wrote:
>> Rob Meijer wrote:
>>> On Sat, September 5, 2009 21:35, Matej Kosik wrote:
>>>> Rob Meijer wrote:
>>>>> On Sat, September 5, 2009 13:04, Matej Kosik wrote:
>>>>>> Karp, Alan H wrote:
>>>>>>>> Another example: You have a piece of software. We already know how
>>>>>>>> to
>>>>>>>> follow POLA and POLA may be enforced over that software which is
>>>>>>>> good
>>>>>>>> but it is always interesting (if a given software does not work as
>>>>>>>> expected) to determine its genuinity. You can blame vendor only for
>>>>>>>> genuine software not for fakes.
>>>>>>>>
>>>>>>> An example of authentication that doesn't involve identity.  For
>>>>>>> example, if someone you trust gives you the hash code of the
>>>>>>> software,
>>>>>>> you can authenticate it without knowing who wrote it.
>>>>>> I think identity is still present. My authentication process
>>>>>> determines
>>>>>> whether hashes were issued by subject(s) I trust.
>>>>> There may be identity involved, but if you use a hash (from any
>>>>> trusted
>>>>> source) to authenticate a piece of software with a trusted hash, you
>>>>> are
>>>>> validating a property of the software (its integrity), not trying to
>>>>> find
>>>>> out which of your friends might have signed it.
>>>> I disagree. When I download some package via apt-get, given package is
>>>> digitally signed. During authentication procedure I check whether that
>>>> given package was released by Debian developers. In other words, I
>>>> check
>>>> who is at the other end of the communication channel through which I
>>>> downloaded that package.
>>> Please stop changing the examples mid-way, we were talking about a hash,
>>> not a signature.
>>>
>>>> Do not confuse this with checking of integrity. This is not what
>>>> happens
>>>> here. Debian developers could distribute a modified version of the
>>>> software. In order to check itegrity, I would have to have those hashes
>>>> in advance which I do not have. I therefore rely on downloading
>>>> software
>>>> from trusted source. Authentication does not reveal any other fancy
>>>> thing but whether at the other end of the communication channel are, in
>>>> my case, Debian developers.
>>>>
>>>> So this example of authentication fits definition 1.
>>> If you keep bending the examples every example will fit definition 1.
>>>
>>>
>>>> Are there examples covered by definition 1 which should not be covered?
>>> No, 1 defines a perfectly good subset of authentication. That is, 1
>>> defines 'subject identity authentication'.
>>>
>>>> Are there examples not covered by definition 1 which should be covered?
>>> Yes, authentication that validates object properties (like the one Alan
>>> mentioned),
>> Do you mean that:
>> - I have some file (e.g. foo.tar.gz)
>> - I know its correct md5sum has
>>   (e.g. 0308e7b8c023f1021702bfe033c392a4)
>> - if I verify (with md5sum program) that
>>   my copy of `foo.tar.gz' has correct hash
>> Then I have performed authentication? In my opinion it is mere
>> verification that given file is the one we want. This case not only does
>> not fall under definition 1 and that is fine.
> 
> I disagree. The validation of the authenticity and integrity properties of
> this object authenticate the object. This example thus shows that your
> definition is flawed.

I am glad that we know exactly why we disagree (not just that we disagree).

It seems to me that you equate `authentication' with a more general term
`verification'. I (and at least David-Sarah ?) distinguish between them.
If we already have the term `verification' there is no need to create
multiple synonyms for it and use them interchangingly. That's confusing.

> 
>> The example changed mid-way, on the other hand, falls under definition 1
>> and that is fine too.
>>
>> Are there examples covered by definition 1 which should not be covered?
> 
> No !

Good.

> 
>> Are there examples not covered by definition 1 which should be covered?
> 
> Yes, please re-read the other postings in this subject, there are now
> multiple examples.

Words `authentication' and `authentic' are homonyms. Wiki page:

http://wiki.erights.org/wiki/Authentication

defines one of the meanings. It defines that meaning which is relevant
(because we do not have other words for it).

Some of the examples that appeared here were referring to other meanings
of this word for which there already are proper words
(for example, instead of "authentic papyrus" it is possible to
 say "genuine papyrus". In this context the words `authentic'
 and `genuine' are synonyms.)
This example does not show that definition 1 is bad. It only shows that
it defines one specific (relevant) meaning not all the meaning (which is
not what was meant. Although perhaps it would be appropriate to mention
this explicitely. There are other irrelevant meanings.)

> When I first objected to this definition I only thought
> it was not quite right, I'm now convinced it is absolutely wrong and
> defines only a small subset of what is authentication.

Yes, if you equate authentication with verification. But I oppose such
equation.

> 
> Are there examples covered by definition 3 and not by 1 which should not
> be covered? (I don't believe there are.)

The body of your definition uses words I am not motivated to use
("source of authority", "source of accountability").

> 
> Are there examples covered by definition 3 and not by 1 which should be
> covered? (I believe there have been multiple ones of these raised that I
> would hold valid.)

Good question. Suppose that you are on a discussion forum discussing
deeds of:

http://en.wikipedia.org/wiki/Stephen_I_of_Hungary

Various people post various posts. There are post which contain truth
and there are posts that contain false. Without you being a historian
you do not know which is which. There is inherently nothing wrong to
claim false if you do not do that intentionally or carelessly. However,
there are people who:

	systamically use lie as a working method

There is a group of people who is interested in truth and there are
others who are not. In order for the first group to defend from the
other, you must be able to authenticate particular posts.

	(this authentication fits definition 1
         this authentication does not fit definition 2
           because in this case it does not make sense
           to talk about "source of authority" or
           "source of accountability". We only want
           to relate posts with real people to be
           able to make immediate default conclusions
           (which can be changed to non-default value
            when there will be a reason)
        )

If I (a non-historian) can authenticate post and relate it to a person
who systematically lies (spreads lies of the local communistic party
and/or the local Nazi group) then, if I am interested in truth, I will
ignore his post (or mechanically filter out such people). I know why
they do this but I want an effective defence. One (not the only one) of
the key aspects is authentication of statements made in public and some
way of creating, maintaining and sharing "relative credibility of
principals" (which is beyond the scope of this discussion).
-- 
Matej Kosik

More information about the cap-talk mailing list