OASIS Mailing List Archives

 



imi message



Subject: RE: [imi] Question regarding encryption


John Bradley wrote on 2009-12-07:
> Unfortunately it is not something that is easily visible to the user.

That's why I said "if the user understood the risk". Since they seemingly
aren't given the tools to do so (and since it's probably too technical for
users anyway), the responsibility lies with deployers and spec authors.

> If you are only looking for PPID, and you believe that issuers properly
> create PPID for managed cards then you could use that as a pseudo audience
> restriction. That could be acceptable in some circumstances.

I don't see how, but I'm not that familiar with PPID, and I don't think use
of Infocard should imply it. There are other formats for such an identifier
that predate the Infocard work, and I think it's a bit dangerous to conflate
identifiers with proofing or condition mechanisms.

> Some privacy people push the non-auditing tokens, without understanding
> all of the problems associated with them. They have a place but should
> not be the default. (For what my opinion is worth)

They could have a place if the spec and software weren't broken. It's really
that simple. The trade-off is much too dangerous in the vast majority of
cases, and the more people sidestep that issue, the more misinformation will
be spread.

There's nothing wrong with the concept. It's very useful and should be the
default, IMHO, so it needs to be fixed.

-- Scott



