Re: PGP Lame question

On 4 Dec 2005 18:06:22 -0800, lynn@garlic.com wrote:

> 1) the message/document has not been modified since it was digitally
> signed
>
> 2) "something you have" authentication ... i.e. the sender had access
> to, and use of the appropriate private key.
>
> ... aka from three factor authentication
> http://www.garlic.com/~lynn/subpubkey.html#3factor
>
> 1) something you have
> 2) something you know
> 3) something you are

Yes, and herein lies the confusion between cryptographic definitions of
authentication and practical, real life security systems definition of
authentication. The "something you are" aspect.

John Doe may have one and two above but unless he has 3, he's not going to
be authenticated.

Often cryptographers stop at authentication, and the real world issues of
verification, at 1 and 2. The better ones, like Schneier cross that gap.

-- 
Drop the alphabet for email