Re: KeyNote draft available
At 1:10 PM -0800 3/14/98, E. Gerck wrote:
>Bill Frantz writes:
> > At 10:56 AM -0800 3/14/98, E. Gerck wrote:
> > >You recognize of course that this "argument" is seriously deceptive:
> > >if we cooperate with a security flaw because it is inevitable for
> > >set = A and make it freely available for set = Universe then
> > >unless A = Universe we have effectively reduced the security level.
> >
> > Is it better to deliver systems which claim to enforce things they can not
> > enforce, or to deliver systems that do not make those claims?
> >
> > IMHO, in the former case, people will trust the claims and field insecure
> > systems. In the latter case, people will understand the limits of
> > technology and include non-technological controls.
> >
>
>
>Bill,
>
>Certificates are machine-readable statements and deal with claims
>which can either be proved or disproved by Turing machines. To that
>precise technical constraint we must add the social use (or, abuse) of
>certificates. However, to claim that the social (ab)use negates the
>usefulness of strong technical barriers in certificates is an
>exaggeration. "Law is no substitute for engineering" applies here also
>and it is a common high-school experience that a cheap $1.00 lock that
>anyone could break affords much more privacy than a "DO NOT OPEN" sign,
>in a locker-room.
Hi Ed,

Of course. The lock offers an audit trail. (If the lock is broken, then
someone has broken in.) It also increases the risk of getting caught in a
way that sharing keys does not. The basic problem is that the "strong
technical barriers" are so weak that they are bypassed every day.

As a real-world example, when I first got my Netcom account, their use
policy did not allow account sharing. I suspect that this policy was
widely ignored. Their current policies specifically recognize account
sharing, an accommodation to the realities of the world.

I now share access to my Netcom account with my wife. I do not share
access to accounts I get through my work with her. However, there are no
technical barriers preventing me from doing so. The only barriers are
legal and ethical.
>
>For example, X.509v3 uses the critical bit construct for
>several purposes but also in order to achieve delegation control, in a
>meaningful way, which shows that it is not only possible but also
>needed.
One specific question about the X.509v3 critical bit. How does it prevent
me from giving my smart card and its access codes to my wife?
>Regarding enforceable or unenforceable things, I disagree that such can
>have the absolute measure explicit in your statement "systems which
>claim to enforce things". Clearly, "enforcing something" is not only
>a matter of degree but also depends on the proposition's environment,
>goals, actors, time, etc.
Certainly. That is precisely my position. You must include the human
element as part of the environment for any system you design.
Ed, I look forward to seeing your specific objections to the points made at:
http://crit.org/http://www.caplet.com/security/taxonomy/ through the Crit
system (http://www.crit.org).
-------------------------------------------------------------------------
Bill Frantz | If hate must be my prison | Periwinkle -- Consulting
(408)356-8506 | lock, then love must be | 16345 Englewood Ave.
frantz@netcom.com | the key. - Phil Ochs | Los Gatos, CA 95032, USA