http://emergentchaos.com/archives/2006/03/lapel-pins.html The Emergent Chaos Jazz Combo Wed, 01 Feb 2012 19:20:40 +0000 hourly 1 http://wordpress.org/?v=3.3.1 http://emergentchaos.com/archives/2006/03/lapel-pins.html/comment-page-1#comment-2029 JiggaDigga Fri, 07 Apr 2006 13:14:02 +0000 http://emergentchaos.com/?p=1607#comment-2029 Great reading, keep up the great posts. Peace, JiggaDigga Great reading, keep up the great posts.
Peace, JiggaDigga

]]> http://emergentchaos.com/archives/2006/03/lapel-pins.html/comment-page-1#comment-2028 Allan Friedman Fri, 31 Mar 2006 09:22:16 +0000 http://emergentchaos.com/?p=1607#comment-2028 It's not so stupid, even if Alice is wrong. Map this back to security policy, and then apply some good behavioral theory. The pin is an identifier. The security guard authenticates it on inspection. You argue that since it is easy to forge, it must be flawed authentication system. But even if guards authenticate on pin and pin alone, the identifier is a *public* signal. There are enough people in DC who have memorized the Congressional Facebook and spend enough time thinking about a large set of legislators to make sure that no one wears the pin without actually being a member. I am sure that if I were to slap on a suit and lapel pin and start wandering in the neighborhood of the capital, 1) some one would notice and 2) they would mention this to the Capital Cops, who would probably want to have a word with me. This is *definitely* true inside the Capital building. So the enforcement mechanism on authenticating the identifier is not 100% at any one point of failure, but it is distributed and enforced by a bunch of people with a strong social interest in protecting the validity of the system. I would argue that this is, in total, fairly robust. It’s not so stupid, even if Alice is wrong. Map this back to security policy, and then apply some good behavioral theory.
The pin is an identifier. The security guard authenticates it on inspection. You argue that since it is easy to forge, it must be flawed authentication system.
But even if guards authenticate on pin and pin alone, the identifier is a *public* signal. There are enough people in DC who have memorized the Congressional Facebook and spend enough time thinking about a large set of legislators to make sure that no one wears the pin without actually being a member. I am sure that if I were to slap on a suit and lapel pin and start wandering in the neighborhood of the capital, 1) some one would notice and 2) they would mention this to the Capital Cops, who would probably want to have a word with me. This is *definitely* true inside the Capital building.
So the enforcement mechanism on authenticating the identifier is not 100% at any one point of failure, but it is distributed and enforced by a bunch of people with a strong social interest in protecting the validity of the system. I would argue that this is, in total, fairly robust.

]]> http://emergentchaos.com/archives/2006/03/lapel-pins.html/comment-page-1#comment-2027 Alice Marshall Thu, 30 Mar 2006 14:27:35 +0000 http://emergentchaos.com/?p=1607#comment-2027 There are only 435 members of Congress and 100 Senators, and there is very little turnover from one year to the next. The Capitol police should be able to recognize them on sight. Believe me, everyone in DC can't help but notice that that <em>only</em> the black members of Congress get hassled. There are only 435 members of Congress and 100 Senators, and there is very little turnover from one year to the next. The Capitol police should be able to recognize them on sight.
Believe me, everyone in DC can’t help but notice that that only the black members of Congress get hassled.

]]>