[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: KeyNote draft available
Carl Ellison writes:
> At 10:20 PM 3/13/98 -0800, Hal Finney wrote:
>>One other point - it appears that all authorizations can be delegated
>>indefinitely, right? If one key grants an authority to a second, the
>>second key can pass the authority on to a third in any way it likes?
> The argument for it is that an end user, trusted or not (and there's
> that nasty word again :), will find a way to let someone else use his
> power...so you might as well cooperate with the inevitable.
You recognize of course that this "argument" is seriously deceptive:
if we cooperate with a security flaw because it is inevitable for
set = A and make it the freely avaliable for set = Universe then
unless A = Universe we have effectively reduced the security level.
As an example, perhaps extreme but nonetheless similar, if the US INS
accepts the fact that entry visas to the US are forgeable then...
should it make all visas be just oral declarations and cooperate
with the inevitable?
Further, we also know that security flaws have vicious synergy and
that by increasing the probability for one we usually have side
effects that "benefit" other security flaws. So, this problem -- in
cooperation with other logical problems also open to be used -- can
very probably provide the "right" framework for a series of different
and hardly foreseable attacks.
BTW, I discussed this problem here last year and I exemplified one
of the attacks by the name of "framing attack" -- and such is one
of the logical problems that should be IMO revisited in the technical
assessment for the draft. As I wrote yesterday, the draft would need
to replace 100% of the occurrences of the word trust with an objective
denomination adequate to its boolean treatment and also "correcting
other logical problems".
Dr.rer.nat. E. Gerck email@example.com
--- Visit the Meta-Certificate Group at http://www.mcg.org.br ---