iang
6 Jun, 16 tweets, 3 min read
Thread on middle names. As we discovered at CAcert, there is no one form of names, and attempts to regularise it into one clean system are doomed to be unclean.
Some random things about names. It’s possible to have two first names, or a name with two names in it.

In Spain, everyone has two surnames, one from either side. Also in Spain, up until recent times, first names were religious, and all women were named Maria of something.
For example, Maria de La Mar or Maria del Sol, which shortens to Marisol. So not only multiple words but multiple forms.

In Greece, when your name is written on legal documents, it includes your parentage, sometimes only your father, other times both.
When names are written on government-issued identity documents there is no requirement that they be the same. So depending on the ‘breeder documents’ used, you can have distinct variations.
Typically in many parts of the world, women on marriage change their surname. But they don’t necessarily lose their other one; this is useful for maintaining two personalities apart, and separate finances when divorcing.

Men sometimes do this too.
Immigrants in the last century into the new world would meet with border officials who would rewrite their old name into some approximation within the new language. And thus, two names.

Same happens with Asian cultures - passports can show two different names, one in romanised.
We call this the One True Name fallacy. There is no one true name. And if there is no one true name, what is an acceptable name?

An acceptable name springs from use, and recognition by the community, in many and different ways - we’ve all known people who go by different names.
An authority-issued document is only a local stamping - the passport is a document to pass borders, and is unreliable beyond that.

The Driver Licence is a permit to drive, and is unreliable beyond that.

Why? Because that’s all the issuer is practically interested in.
This is why anglo identity cards don’t work so well, and European-style identity cards work very well: Anglo reliance on identity documents gets into a mess when the documents differ, whereas in Europe they simply grab the ID number, and ignore the name (or any differences).
Historically, Anglo world is hung up on WWII propaganda about how bad demands for papers are, as shown in countless movies. But for authorities to deal with the confusion in documents, they demand more, and the outcome is worse - inconvenient, unreliable, overbearing.
Without understanding the cultural element in identity systems, many engineers are at sea, and they sink when they meet an assumption trivially broken by strange people doing daft things.
Eg, one of the ways in which CA/PKI/x509 web browsing sank was the obsession in the anglo world with the One True Name. American style engineers asserted that if they could present a certificate with the name in it, that would be what the users needed.
At one level, which name? The corporation name? or the domain name… Both might be important, depending on one’s PoV.

But at a deeper level, users wanted to know the site was reliable. And they never got that, bc certs stopped at the name.
Why not go further? Bc CAs told browsers what they needed, and browsers didn’t understand any better. By the time it was shown to be of low efficacy, it was too late, and the CAs were in the trap of not being able to revise the narrative.
So, many people think x509 couldn’t do what was required. But actually, it was the infrastructure around x509 that couldn’t do what was required: the CAs, the browsers, the contracts, the servers… all locked into a deadly embrace of low performance.
In summary, beware the fallacy of the One True Name. If you’re obsessed about the name of someone, you’re probably on the wrong track.
