Aram Perez wrote:
Hi Ed and others,
Like usual, you present some very interesting ideas and thoughts. The problem is that while we techies can discuss the "identity theft" definition until we are blue in the face, the general public doesn't understand all the fine subtleties. Witness the (quite amusing) TV ads by CitiBank.
Thanks. That's why my suggestion is that techies should solve the real problem (authentication theft) that is allowing identity theft to create damage to the general public. What's the use of stolen identity data if that data cannot be used to impersonate the victim? At most, it would be a breach of privacy... but not a breach of access and data protected by the access. Furthermore, if identity data is not used as authenticators, they would not be so much available (and valuable!) to be stolen in the first place.
BTW, the confusion between identification and authentication begins in our circle. Just check, for example, The Handbook of Cryptography by Menezes et. al.:
"10.2 Remark (identification terminology) The terms identification and entity authentication are used synonymously throughout this book."
Cheers, Ed Gerck
--------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]