[Previous] [Next] [Index]
[Thread]
Re: what are realistic threats?
-
To: www-security@ns1.rutgers.edu
-
Subject: Re: what are realistic threats?
-
From: dkearns{TCNET/HR/dkearns}@klaven.tci.com
-
Date: Wed, 5 Oct 94 09:09:00 -0600
-
Cc: szabo@netcom.com
-
Organization: Thomas-Conrad Corp
-
Reply-To: dkearns{TCNET/HR/dkearns}@klaven.tci.com
>From: SZABO @ SMTP (Nick Szabo) {szabo@netcom.com}
>Date: Tuesday, October 04, 1994 8:04PM
>
>
>Dave Kearns:
>> but at some point I'd want to check a well-known, trusted
>>'third-party-site' who would guarantee
>> the integrity of the outermost Guarantor of the software.
>
>"Guaranteeing integrity" is a meaningless certificate -- a
>"you should just be impressed" certificate.
>
>To almost any given situation, we can apply meaningful, widely
>recognizable certificates. For example, "XYZ has a PhD in
>Computer Science", "XYZ has published N papers on
>cryptography",
Now those are what I'd call "You should just be impressed"
certificates. The fact that XYZ 'has a PhD' or 'has published
papers' tells me nothing about the integrity (or judgement,
for that matter) of XYZ.
"this key belongs to XYZ", and "no
>major security holes have ever been found in code examined
>by XYZ" would be meaingful, specific certificates for a computer
>security consultant.
But who would guarantee the statement that "No major security
holes have been found"? Are we simply to take XYZs word
for it?
>The consultant could in turn certfify code
>by making a claim to have examined it and found it secure, and
>signing the claim along with the code. The digital signatures
>and the "this key belongs to XYZ" claims (where XYZ is a person's
>name or pseudonym, an organizational trademark, a brand name,
>or any other persistent string of bits tied to an economic agent)
>allow us to tie the claims to reputable agents. There
>are a wide variety of semantics possible for a signature; there is
>no such thing as "guarunteeing the integrity" of a signature.
No, but we need to 'guarantee the integrity' of the SIGNER.
>
>Economists call these claims "signals" because they signal quality
>in specific, widely respected ways. There's no such thing
>as a perfect signal, of course. "You should just be impressed" is a
>signal only to the gullible.
>
>> It follows, then, that we'll need some hierarchy of 'Guarantors'
>
>Any tautology follows from itself. Heirarchies give us roots,
>which present major problems:
>
>* They are fragile points of catastrophic failure for the entire
>system controlled by the root.
>* They lack information about the whole system. They are often
>only able to make meaningless certifications, such as the "you should
>just be impressed" certificate.
>
No, hierarchies allow for standards based rules for issuing
certificates and 'guarantees'.
>Root vulnerability can be tackled in a couple of ways:
>
>* Cross-certification: but this is only worthwhile is the
>certficates are precise and meaningful, based on specific
>claims and in depth knowledge of the claim being made.
>Certifications about claims outside the the certifier's
>area of first-hand knowledge and incentives are meaningless.
Exactly.
>* Unbundling: make each root informatically local. Thus
>credit agencies vouch for creditworthiness, universities
>vouch for scholarly achievement, notary publics or
>passport agencies vouch for "this key belongs to the
>named person", etc.
>
>I consider unbundling to to be the most important and lucrative
>solution to certification problems. Cross-certification
>can also add value, provided it is specific, knowledgeable, and
>properly incentivized.
>
I fully agree, Nick. Perhaps my use of the term 'hierarchy' set you
off, but I used it in a more general sense (perhaps 'oligarchy' might have
been better) meaning that at the 'top' of the guarantee tree would be
a well-known, trustworthy source. There could be literally thousands
of these, whoose 'trustworthiness' was judged by the user. So given
code with the guarantees:
GUARANTEE GUARANTOR AUTHORITY
"This is my code" John Doe Author
"This code has no XYZ Phd in Computer Science, CMU
security holes"
I could accept it, since I know XYZ by reputation, or could
check further with 'CMU' (is that Carnegie-Mellon or Central
Michigan?) to establish his Bona Fides. If I found it was
Central Michigan, I could further check, with an accreditation board,
its standards for a PhD in CS.
The important point, to me, is that there exists a path I can follow
to establish the credentials of the Guarantor and satisfy myself
as to the reliability of whatever it is I'm about to access.
-dave
Follow-Ups: