Re: what are realistic threats?
To: szabo@netcom.com
Subject: Re: what are realistic threats?
From: dkearns{TCNET/HR/dkearns}@klaven.tci.com
Date: Wed, 5 Oct 94 16:57:00 -0600
Cc: www-security@ns1.rutgers.edu
Organization: Thomas-Conrad Corp
Reply-To: dkearns{TCNET/HR/dkearns}@klaven.tci.com
>From: SZABO @ SMTP (Nick Szabo) {szabo@netcom.com}
>Date: Wednesday, October 05, 1994 4:24PM
>
>
>Dave Kearns:
>> But who would guarantee the statement that "No major security
>> holes have been found"? Are we simply to take XYZs word
>> for it?... No, but we need to 'guarantee the integrity' of the
>> SIGNER.
>
>What on earth do you mean by "guarantee of integrity"? A legal
>contract promising you your money back? Legal liability?
>Any old stranger claiming that he is making a "guarantee"?
>Specifics, please!
>
GUARANTEE: an assurance of the quality of or of the length of use to be
expected from a product.
No legal liability, no 'money-back' provision, just the assurance that a
given statement is true, to the best of the guarantor's knowledge. Please
feel free to use the term CERTIFY if it makes you feel better.
>> No, hierarchies allow for standards based rules for issuing
>> certificates and 'guarantees'.
>
>It's quite possible to issue certificates without any sort
>of hierarchy: an example is the widely used public-key cryptography
>system, PGP. And here's another place we need to be more
>precise: by "hierarchy" do we mean a single-rooted tree, a directed
>acyclic graph, a cyclic graph, or what? What specific constraints
>are being set by the standards? My argument was against
>single rooted trees.
"Hierarchy" simply means that each guarantor is guaranteed (or 'certified'
if you prefer) by a higher ranking guarantor - where "higher ranking" is a
subjective judgement on the user's part.
Conceptually, I guess I see it as a "multi-rooted, distributed tree", or
even trees - since the root of one tree might or might not be a branch on
another tree.
>
>> The important point, to me, is that there exists a path I can follow
>> to establish the credentials of the Guarantor and satisfy myself
>> as to the reliability of whatever it is I'm about to access.
>
>I agree, but I'm hardly willing to follow some ill-defined "guarantee",
>or trust somebody merely because he's called a "Guarantor".
You don't trust someone simply because he's a guarantor (that's a
tautology), but because you have knowledge - either personally or through a
higher guarantor - of his integrity and competence.
>I want each cryptographic step to be precisely defined, and
>each claim in a certificate be specific and highly credible.
>A system based on ambiguous "guarantees of integrity" wouldn't
>provide anything even approaching a guarantee of integrity.
>
Who defines these "precisely defined" steps?
-dave
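Worked example of the "path I can follow" idea from this message, added here by the editor; it is not code from the original message or from anyone in the thread. The user supplies their own set of trusted roots (the subjective "higher ranking" judgement), and a chain of certificates is searched for from those roots to the signer of a statement, checking the signature on every link. The principal names, the certificate graph and the user's root choices are constructed for illustration; the signature scheme is a TOY textbook RSA with tiny fixed primes, standing in for a real algorithm only so that each link is actually verified rather than stubbed. The graph is multi-rooted in the sense above (Bob is a branch on two trees), contains a cycle (Bob and Carol vouch for each other), and contains one forged certificate, so it exercises the tree/DAG/cyclic-graph distinction raised in the quoted reply.

```python
"""Certification-path discovery over a multi-rooted certificate graph.

Added example for this thread, not code from the original message.
Assumptions: principal names, the certificate graph and the trusted-root
choices below are constructed; the TOY textbook-RSA signature (tiny fixed
primes) is insecure by design and stands in for a real signature algorithm.
"""
import hashlib
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PubKey = Tuple[int, int]  # (n, e)

TOY_E = 17
# One (p, q) pair per principal, each chosen so that gcd(TOY_E, phi) == 1.
TOY_PRIMES = [(61, 53), (59, 67), (71, 73), (79, 83), (89, 97), (107, 109)]


def toy_keypair(index: int) -> Tuple[PubKey, int]:
    """Return ((n, e), d) for the index-th principal. TOY: not secure."""
    p, q = TOY_PRIMES[index]
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, TOY_E), pow(TOY_E, -1, phi)


def toy_sign(d: int, n: int, msg: bytes) -> int:
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % n
    return pow(h, d, n)


def toy_verify(pub: PubKey, msg: bytes, sig: int) -> bool:
    n, e = pub
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big") % n
    return pow(sig, e, n) == h


@dataclass(frozen=True)
class Cert:
    issuer: str          # the "higher ranking" guarantor
    subject: str         # the principal being certified
    subject_key: PubKey  # the key the issuer binds to the subject
    sig: int             # issuer's signature over tbs()

    def tbs(self) -> bytes:
        """Bytes the issuer signs ("to be signed")."""
        return f"{self.issuer} certifies {self.subject} key {self.subject_key}".encode()


NAMES = ["Acme CA", "Alice", "Bob", "Carol", "XYZ Software", "Mallory"]
KEYS = {name: toy_keypair(i) for i, name in enumerate(NAMES)}  # name -> ((n, e), d)


def pub(name: str) -> PubKey:
    return KEYS[name][0]


def issue(issuer: str, subject: str, signer: Optional[str] = None) -> Cert:
    """Issue a cert; `signer` other than `issuer` models a forged certificate."""
    signer = signer or issuer
    (n, _), d = KEYS[signer]
    unsigned = Cert(issuer, subject, pub(subject), 0)
    return Cert(issuer, subject, pub(subject), toy_sign(d, n, unsigned.tbs()))


# Constructed certificate graph (edges point from guarantor to guaranteed).
CERTS = [
    issue("Acme CA", "Bob"),
    issue("Alice", "Bob"),                           # Bob is a branch on two trees
    issue("Bob", "Carol"),
    issue("Carol", "Bob"),                           # a cycle: they vouch for each other
    issue("Carol", "XYZ Software"),
    issue("Acme CA", "Mallory", signer="Mallory"),   # forged: claims Acme, signed by Mallory
]


def find_path(certs: List[Cert], trusted_roots: Dict[str, PubKey], target: str,
              max_depth: int = 5) -> Optional[List[Cert]]:
    """Breadth-first search from the user's trusted roots to `target`.

    An edge is followed only if its signature verifies under the key the
    search already holds for the issuer: a root key the user trusts directly,
    or the key carried by the previous certificate on the path.  `seen` makes
    cyclic graphs terminate (subjects are identified by name here, so key
    rollover is not modelled); `max_depth` bounds how long a chain may get.
    """
    by_issuer: Dict[str, List[Cert]] = {}
    for c in certs:
        by_issuer.setdefault(c.issuer, []).append(c)
    queue = deque((name, key, []) for name, key in trusted_roots.items())
    seen = set(trusted_roots)
    while queue:
        name, key, path = queue.popleft()
        if name == target:
            return path
        if len(path) >= max_depth:
            continue
        for c in by_issuer.get(name, []):
            if c.subject in seen or not toy_verify(key, c.tbs(), c.sig):
                continue  # already reached by a shorter chain, or signature is bad
            seen.add(c.subject)
            queue.append((c.subject, c.subject_key, path + [c]))
    return None


def path_issuers(roots: List[str], target: str) -> Optional[List[str]]:
    """Names of the guarantors along the chain from `roots` to `target`, or None."""
    path = find_path(CERTS, {r: pub(r) for r in roots}, target)
    return None if path is None else [c.issuer for c in path]


if __name__ == "__main__":
    print(path_issuers(["Acme CA", "Alice"], "XYZ Software"))  # ['Acme CA', 'Bob', 'Carol']
    print(path_issuers(["Alice"], "XYZ Software"))             # ['Alice', 'Bob', 'Carol']
    print(path_issuers(["Acme CA"], "Mallory"))                # None
```

Two users who trust different roots get different chains to the same signer, which is the subjective "higher ranking" in action; the forged certificate is never followed because it fails to verify under the key the user actually holds for "Acme CA", and the Bob/Carol cycle does not loop the search.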