[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: KeyNote draft available

At 1:10 PM -0800 3/14/98, E. Gerck wrote:
>Bill Frantz writes:
> > At 10:56 AM -0800 3/14/98, E. Gerck wrote:
> > >You recognize of course that this "argument" is seriously deceptive:
> > >if we cooperate with a security flaw because it is inevitable for
> > >set = A and make it the freely avaliable for set = Universe then
> > >unless A = Universe we have effectively reduced the security level.
> >
> > Is it better to deliver systems which claim to enforce things they can not
> > enforce, or to deliver systems that do not make those claims?
> >
> > IMHO, In the former case, people will trust the claims and field insecure
> > systems.  In the latter case, people will understand the limits of
> > technology and include non-technological controls.
> >
>Certificates are machine-readable statements and deal with claims
>which can either be proved or disproved by Turing machines. To that
>precise technical constraint we must add the social use (or, abuse) of
>certificates. However, to claim that the social (ab)use negates the
>usefulness of strong technical barriers in certificates is an
>exaggeration. "Law is no substitute for engineering" applies here also
>and it is a common high-school experience that a cheap $1.00 lock that
>anyone could break affords much more privacy than a "DO NOT OPEN" sign,
>in a locker-room.

Hi Ed,

Of course.  The lock offers an audit trail.  (If the lock is broken, then
someone has broken in.)  It also increases the risk of getting caught in a
way that sharing keys does not.  The basic problem is that the "strong
technical barriers" are so weak that they are bypassed every day.

As a real-world example.  When I first got my Netcom account, their use
policy did not allow account sharing.  I suspect that this policy was
widely ignored.  Their current policies specifically recognize account
sharing, an accommodation to the realities of the world.

I now share access to my Netcom account with my wife.  I do not share
access to accounts I get through my work with her.  However, there are no
technical barriers preventing me from doing so.  The only barriers are
legal and ethical.

>For example, X.509v3 uses the critical bit construct for
>several purposes but also in order to achieve delegation control, in a
>meaningful way, which shows that it is not only possible but also

One specific question about the X.509v3 critical bit.  How does it prevent
me from giving my smart card and it's access codes to my wife?

>Regarding enforceable or unforceable things, I disagree that such can
>have the absolute measure explict in your statement "systems which
>claim to enforce things". Clearly, "enforcing something"  is not only
>a matter of degree but also depends on the proposition's environment,
>goals, actors, time, etc.

Certainly.  That is precisely my position.  You must include the human
element as part of the environment for any system you design.

Ed.  I look forward to seeing your specific objections to the points made at:
http://crit.org/http://www.caplet.com/security/taxonomy/ through the Crit
system (http://www.crit.org).

Bill Frantz       | If hate must be my prison  | Periwinkle -- Consulting
(408)356-8506     | lock, then love must be    | 16345 Englewood Ave.
frantz@netcom.com | the key.     - Phil Ochs   | Los Gatos, CA 95032, USA

Follow-Ups: References: