
Re: what are realistic threats?



Dave Kearns:
> but at some point I'd want to check a well-known, trusted 
>'third-party-site'  who would guarantee
> the integrity of the outermost Guarantor of the software.

"Guaranteeing integrity" is a meaningless certificate -- a
"you should just be impressed" certificate.

To almost any given situation, we can apply meaningful, widely
recognizable certificates.  For example, "XYZ has a PhD in
Computer Science", "XYZ has published N papers on
cryptography", "this key belongs to XYZ", and "no
major security holes have ever been found in code examined
by XYZ" would be meaningful, specific certificates for a computer 
security consultant.  The consultant could in turn certify code 
by making a claim to have examined it and found it secure, and 
signing the claim along with the code.  The digital signatures
and the "this key belongs to XYZ" claims (where XYZ is a person's 
name or pseudonym, an organizational trademark, a brand name, 
or any other persistent string of bits tied to an economic agent)
allow us to tie the claims to reputable agents.  There
are a wide variety of semantics possible for a signature; there is
no such thing as "guaranteeing the integrity" of a signature.

Economists call these claims "signals" because they signal quality
in specific, widely respected ways.  There's no such thing
as a perfect signal, of course.  "You should just be impressed" is a 
signal only to the gullible.

> It follows, then, that we'll need some hierarchy of 'Guarantors'

Any tautology follows from itself.  Hierarchies give us roots,
which present major problems:

* They are fragile points of catastrophic failure for the entire
system controlled by the root.
* They lack information about the whole system.  They are often
only able to make meaningless certifications, such as the "you should
just be impressed" certificate.

Root vulnerability can be tackled in a couple of ways:

* Cross-certification: but this is only worthwhile if the
certificates are precise and meaningful, based on specific
claims and in depth knowledge of the claim being made.
Certifications about claims outside the certifier's
area of first-hand knowledge and incentives are meaningless.
* Unbundling: make each root informatically local.  Thus
credit agencies vouch for creditworthiness, universities
vouch for scholarly achievement, notary publics or
passport agencies vouch for "this key belongs to the
named person", etc.  

I consider unbundling to be the most important and lucrative
solution to certification problems.  Cross-certification 
can also add value, provided it is specific, knowledgeable, and
properly incentivized.

Nick Szabo				szabo@netcom.com
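
The unbundling idea in the message above, as an added example that is not part of the original post: a verifier accepts a signed claim only from a root that is local to that kind of claim. The claim-type labels, issuer names and the `roots` table are assumptions made for illustration, and Lamport one-time signatures stand in for a real signature scheme only so the example runs on the Python standard library.

```python
import hashlib, json, secrets

def H(b): return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key: 256 secret pairs; the public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret of each pair, chosen by the message digest bits.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def certify(issuer, sk, claim_type, subject, statement):
    # A certificate is one specific claim plus the issuer's signature over it.
    body = json.dumps({"issuer": issuer, "type": claim_type,
                       "subject": subject, "statement": statement},
                      sort_keys=True).encode()
    return {"body": body, "sig": sign(sk, body)}

def accept(cert, roots):
    # roots maps claim type -> {issuer: public key}: each root is trusted
    # only for the one kind of claim it has first-hand knowledge of.
    claim = json.loads(cert["body"])
    pk = roots.get(claim["type"], {}).get(claim["issuer"])
    if pk is None:
        return False, "issuer is not a root for this claim type"
    if not verify(pk, cert["body"], cert["sig"]):
        return False, "bad signature"
    return True, "ok"

def demo():
    digest = hashlib.sha256(b"int main(void) { return 0; }\n").hexdigest()  # constructed sample code
    n_pk = keygen()[1]                      # notary: root for key bindings only
    c_sk, c_pk = keygen()                   # consultant: root for code review only
    roots = {"key-binding": {"notary": n_pk}, "code-review": {"consultant": c_pk}}
    good = certify("consultant", c_sk, "code-review", digest, "examined, found secure")
    # The notary vouching outside its area (fresh one-time key for this signature).
    stray = certify("notary", keygen()[0], "code-review", digest, "integrity guaranteed")
    forged = dict(good, body=good["body"].replace(digest.encode(), b"0" * 64))
    return [accept(c, roots) for c in (good, stray, forged)]
```

`demo()` returns the verdicts for the consultant's in-scope claim, the notary's out-of-scope claim, and a copy of the consultant's claim with the code digest altered.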

