I was involved in a conference call about security, and one of the topics was how do you prove who someone is.
For example, you want to send me some secret information, such as your passport number, bank account details or the magic codes of your identification key.
- Sending me an email is not secure. Bad guys monitoring your email (or mine) could steal your information and substitute some other information.
- A carrier pigeon could be captured and the data changed.
- A video of you showing the information can be faked these days – putting your face onto someone else’s body is easy.
- Some people said that the only secure way was to meet in person and exchange information. It was mentioned that this could be done at conferences. This has a couple of problems:
  - You may not have met the people you work with, so you have no way of knowing that the person who says he is Colin Paice looks like the Colin Paice you've been corresponding with.
  - With the technology in the Mission Impossible films, the person you are meeting could be wearing a latex mask and have a voice changer, and so look and sound like me, but still be a bad guy.
- Using PKI, where we have a certificate chain with a common certificate, seems to be the only way which works.
- Until we have working quantum computers which can break the RSA keys used in PKI!