Comments on: Online accountability and the threat of impersonation http://blog.jonudell.net/2007/04/02/online-accountability-and-the-threat-of-impersonation/ Strategies for Internet citizens Tue, 16 Mar 2010 08:48:27 +0000 http://wordpress.com/ hourly 1 By: A creepy case of mistaken identity « A comfortable review of news dropping from the metaverse http://blog.jonudell.net/2007/04/02/online-accountability-and-the-threat-of-impersonation/#comment-122293 A creepy case of mistaken identity « A comfortable review of news dropping from the metaverse Wed, 23 Jan 2008 23:06:31 +0000 http://blog.jonudell.net/2007/04/02/online-accountability-and-the-threat-of-impersonation/#comment-122293 [...] issue of online identities and how easy it is for someone to hijak someone else’s name and pose as that person when, for example, posting messages online. How do you know the person is who he says he [...] [...] issue of online identities and how easy it is for someone to hijak someone else’s name and pose as that person when, for example, posting messages online. How do you know the person is who he says he [...]

]]> By: fresh wordpress installation » History or technology: Which is the better defense of identity? Both. http://blog.jonudell.net/2007/04/02/online-accountability-and-the-threat-of-impersonation/#comment-10391 fresh wordpress installation » History or technology: Which is the better defense of identity? Both. Wed, 25 Apr 2007 13:18:55 +0000 http://blog.jonudell.net/2007/04/02/online-accountability-and-the-threat-of-impersonation/#comment-10391 [...] Cameron had the same reaction to the Sierra affair as I did: Stronger authentication, while no panacea, would be extremely helpful. Kim writes: Maybe next [...] [...] Cameron had the same reaction to the Sierra affair as I did: Stronger authentication, while no panacea, would be extremely helpful. Kim writes: Maybe next [...]

]]> By: Darren http://blog.jonudell.net/2007/04/02/online-accountability-and-the-threat-of-impersonation/#comment-7154 Darren Sat, 14 Apr 2007 15:12:51 +0000 http://blog.jonudell.net/2007/04/02/online-accountability-and-the-threat-of-impersonation/#comment-7154 <blockquote cite="http://blog.jonudell.net/2007/04/02/online-accountability-and-the-threat-of-impersonation/">But if I had to use cryptographically strong multi-factor authentication to log into my blog publishing system, and if I also had to digitally sign every one of my entries, I’d be far less vulnerable to malicious impersonation.</blockquote> But only if your key is known and trusted by the person trying to determine if what they're reading is really by you.

But if I had to use cryptographically strong multi-factor authentication to log into my blog publishing system, and if I also had to digitally sign every one of my entries, I’d be far less vulnerable to malicious impersonation.

But only if your key is known and trusted by the person trying to determine if what they’re reading is really by you.

]]> By: Jon Udell http://blog.jonudell.net/2007/04/02/online-accountability-and-the-threat-of-impersonation/#comment-4478 Jon Udell Wed, 04 Apr 2007 15:58:59 +0000 http://blog.jonudell.net/2007/04/02/online-accountability-and-the-threat-of-impersonation/#comment-4478 "cryptographic authentication is still only as strong as the two weakest links in the chain." Agreed, and you're right to note that people are the weaker of those two. To those of us who've watched all this evolve, it seems like it's taken a long time, and it has, but we're still in the early innings. “cryptographic authentication is still only as strong as the two weakest links in the chain.”

Agreed, and you’re right to note that people are the weaker of those two. To those of us who’ve watched all this evolve, it seems like it’s taken a long time, and it has, but we’re still in the early innings.

]]> By: History or technology: Which is the better defense of identity? Both. « Jon Udell http://blog.jonudell.net/2007/04/02/online-accountability-and-the-threat-of-impersonation/#comment-4471 History or technology: Which is the better defense of identity? Both. « Jon Udell Wed, 04 Apr 2007 15:45:00 +0000 http://blog.jonudell.net/2007/04/02/online-accountability-and-the-threat-of-impersonation/#comment-4471 [...] — Jon Udell @ 10:44 am Kim Cameron had the same reaction to the Sierra affair as I did: Stronger authentication, while no panacea, would be extremely helpful. Kim writes: Maybe next [...] [...] — Jon Udell @ 10:44 am Kim Cameron had the same reaction to the Sierra affair as I did: Stronger authentication, while no panacea, would be extremely helpful. Kim writes: Maybe next [...]

]]> By: Richard Schwartz http://blog.jonudell.net/2007/04/02/online-accountability-and-the-threat-of-impersonation/#comment-4335 Richard Schwartz Wed, 04 Apr 2007 04:50:55 +0000 http://blog.jonudell.net/2007/04/02/online-accountability-and-the-threat-of-impersonation/#comment-4335 Oops. I somehow managed to paste garbage into the web link on the above reply. Oops. I somehow managed to paste garbage into the web link on the above reply.

]]> By: Richard Schwartz http://blog.jonudell.net/2007/04/02/online-accountability-and-the-threat-of-impersonation/#comment-4334 Richard Schwartz Wed, 04 Apr 2007 04:48:41 +0000 http://blog.jonudell.net/2007/04/02/online-accountability-and-the-threat-of-impersonation/#comment-4334 I'm probably as big a fan of cryptographic strong authentication as anyone -- 14 years in and around the Lotus Notes world does that to you, I guess. But bear in mind that with all the hassles that it brings, cryptographic authentication is still only as strong as the two weakest links in the chain. The first weak link is the operator of the certificate authority, who may not always properly verify identity before issuing a certificate -- or perhaps more to the point, may not be able to verify identity properly because the user community as a whole doesn't really trust them enough to be willing to provide sufficient identifying information. And the second weak link is of course the users themselves, who may compromise their own digital credentials in the name of convenience -- and those years in the Lotus world tell me that this happens far too often, no matter how much you try to educate your users about not sharing their id files and passwords. I’m probably as big a fan of cryptographic strong authentication as anyone — 14 years in and around the Lotus Notes world does that to you, I guess. But bear in mind that with all the hassles that it brings, cryptographic authentication is still only as strong as the two weakest links in the chain. The first weak link is the operator of the certificate authority, who may not always properly verify identity before issuing a certificate — or perhaps more to the point, may not be able to verify identity properly because the user community as a whole doesn’t really trust them enough to be willing to provide sufficient identifying information. And the second weak link is of course the users themselves, who may compromise their own digital credentials in the name of convenience — and those years in the Lotus world tell me that this happens far too often, no matter how much you try to educate your users about not sharing their id files and passwords.

]]> By: tecosystems » Best Defense: History or Technology? http://blog.jonudell.net/2007/04/02/online-accountability-and-the-threat-of-impersonation/#comment-3882 tecosystems » Best Defense: History or Technology? Mon, 02 Apr 2007 23:12:27 +0000 http://blog.jonudell.net/2007/04/02/online-accountability-and-the-threat-of-impersonation/#comment-3882 [...] that I disagree with Jon Udell, but I’m not sure that I can quote convince myself of his latest argument that implies dramatic and potentially long term consequences for the compromise of weak [...] [...] that I disagree with Jon Udell, but I’m not sure that I can quote convince myself of his latest argument that implies dramatic and potentially long term consequences for the compromise of weak [...]

]]> By: and money » Online accountability and the threat of impersonation http://blog.jonudell.net/2007/04/02/online-accountability-and-the-threat-of-impersonation/#comment-3853 and money » Online accountability and the threat of impersonation Mon, 02 Apr 2007 20:45:52 +0000 http://blog.jonudell.net/2007/04/02/online-accountability-and-the-threat-of-impersonation/#comment-3853 [...] Karen wrote an interesting post today onHere’s a quick excerptTim O’Reilly has distilled the lessons of the Kathy Sierra affair, and Tim Bray further distills them into a single dictum: “You’re accountable for what appears on your Web site.” He elaborates:. if a Web site is yours, … [...] [...] Karen wrote an interesting post today onHere’s a quick excerptTim O’Reilly has distilled the lessons of the Kathy Sierra affair, and Tim Bray further distills them into a single dictum: “You’re accountable for what appears on your Web site.” He elaborates:. if a Web site is yours, … [...]

]]> By: Henri Bergius http://blog.jonudell.net/2007/04/02/online-accountability-and-the-threat-of-impersonation/#comment-3847 Henri Bergius Mon, 02 Apr 2007 20:15:36 +0000 http://blog.jonudell.net/2007/04/02/online-accountability-and-the-threat-of-impersonation/#comment-3847 Finnish "application of freedom of speech in mass media" law states that every website must have a named editor who is ultimately responsible for all content published there. Usually this means that if they get a report of illegal material published on the site they must take it down. More info here: http://bergie.iki.fi/blog/2004-03-25-000.html Finnish “application of freedom of speech in mass media” law states that every website must have a named editor who is ultimately responsible for all content published there.

Usually this means that if they get a report of illegal material published on the site they must take it down.

More info here:

http://bergie.iki.fi/blog/2004-03-25-000.html

]]>