[Discuss] 19,000 person company passwords stolen via HTTPS

Dr. Anthony Gabrielson agabriel2 at gmail.com
Tue Oct 6 20:01:47 EDT 2015


I’m not going to go back and forth about this all night…  So I’m signing off of this thread after this response else it turns into a classic tl;dr.

> On Oct 6, 2015, at 7:55 PM, Rich Pieri <richard.pieri at gmail.com> wrote:
> 
> On 10/6/2015 7:30 PM, Anthony Gabrielson wrote:
>> No…
> 
> Yes. It's a monolithic data store with every user's identifying credentials in it. It doesn't matter how that data is stored. It doesn't matter what transformations are performed on that data. It's still in one place and the whole thing can be taken in one swoop.

PGP is not a monolithic data store although it can interface with one.  DoD encryption boxes are not monolithic. It all depends on the model and how trust is defined and established. 

> 
>> It sounds like you’re asking for:
>> - Secure Comms
>> - Anonymity
> 
> No, not anonymity. If I do business with Amazon for example there is no anonymity or else they couldn't charge my credit card and I wouldn't receive my stuff. What I'm asking for is a mechanism where rather than me authenticating myself with Amazon, it is Amazon's services which authenticate themselves with me.
> 
> No, I don't know how to make it work. I wish I did. I wish someone did.

What are your requirements and why?  

