Foundations vs Implementations

(Warning - Winding Rant Ahead)

The discussion/debate on trust, where it can or cannot be found, conveyed
or not conveyed, is perhaps distracting us from the real argument, which
I perceive to be the trade-off between "knowing what one is doing" and
"getting something done."

It is analogous to the debates regarding programming methodology (top-down
vs bottom-up) or having requirements settled before beginning design.  In
a project with well-defined and static functional requirements, top-down
is fine.  But some situations are not as static or well-defined, and some
clients refuse to give much more than broad directives, forcing those who
implement to produce something which they complain about later.  Sometimes
a good deal of bottom-up programming is appropriate (hence we use math-libs
written by folks who had no idea exactly to what use we would put them.)

With a (wants-to-be-global) PKI, the stakes are very high.  First, it is
a substantial effort involving many, and with each passing day, develops
greater momentum (or inertia, if you don't like where it's going).  Perhaps
more importantly, it will become an (eventually transparent) foundation
for most of our communications, and with this transparency will come a
degree of complacency with the political implications of the policies and
assumptions that underlie its operations.

We really want to get this one right.

One cannot expect all PKI development to come to a sudden halt because
(for instance) significant mechanisms of trust calculation have not been
established a priori.  We would rarely reach an implementation phase.

OTOH, we have a responsibility to take a break every now and then, and
lift our heads out of the bits long enough to consider just what machine
will be built with the fine parts we fashion.

Ed is right in pointing out that in some ways, the Emperor has no clothes.
Carl is right in pointing out that the Emperor is bathing, and clothing
is an issue for another time and place.  Each is right in their own domain,
but these domains will meet where the rubber meets the road, and it is
not impossible that in the end, two rights make a wrong.  (Yeeks, enough
clichés for one paragraph.)

In other words, I am not comfortable dismissing any of the issues that have
been put forth by those on these PKI lists.  Perhaps some issues can be
deferred, treated independently, patched if needed (e.g.: certificate ident
in signatures.)  OTOH, perhaps deferring will result in shortcomings that
can only be treated with highly inefficient layers, or not at all.

Apologies for rant.


Tony Bartoletti                                             LL
SPI-NET GURU                                             LL LL
Computer Security Technology Center                   LL LL LL
Lawrence Livermore National Lab                       LL LL LL
PO Box 808, L - 303                                   LL LL LLLLLLLL
Livermore, CA 94551-9900                              LL LLLLLLLL
email: azb@llnl.gov   phone: 510-422-3881             LLLLLLLL