On Thu, Jul 1, 2010 at 8:00 PM, Tim Bogart wrote:

> All,
>
> This is a perfectly crystallized description of views I espoused in a book I wrote 3 years ago which didn't get published. I did an entire chapter on PKI versus circle of trust. What's the difference between the two? Fundamentally, it's philosophy, and Ellison and Schneier said it best: "Who do you trust?" Public Key Infrastructure is largely adopted by large firms who have a burning desire to centralize the process. Have you ever met a manager or executive that didn't have an inclination toward wanting to have iron-fisted control over a process or system? PKI provides that control, and that makes them feel good. Circle of trust decentralizes the control and allows anybody in an organization to sign keys. This places the onus of inquiry on the user to validate or verify signatures independently. And in my estimation, from a security perspective, this is a good thing.
>
> The circle of trust can be compared to the play or movie called "Six Degrees of Separation." It goes like this... Do you know the Pope? Probably not. But how many acquaintances do you think you have between yourself and the Pope? Well, let's assume you know me, that's one. I know Vint Cerf, that's two. Vint Cerf knows George Bush, that's three. And President Bush knows the Pope, that's four. So, if you knew me, there would be four degrees of separation between you and the Pope. I'm not going to go into whether you trust George Bush, or the Pope, or me for that matter, but I think you see how it works.
>
> In a large corporation like Verizon, or the US Military, there's an echelon of command that dictates who you should trust. But is that the best way to go? I say no. Not from a security perspective. Independent validation of credentials is always preferable to centralization in this scenario because if there is a breakdown in the chain of trust with the PKI model, it can be catastrophic. If there is a breakdown in the chain of trust in a circle of trust system, it's recoverable because there is more than a single path of trust.
>
> It's comparable to the very reason the Internet and packet switched networks were developed by DARPA. If a catastrophic event took out a major telecommunications switch, rerouting calls would be very time consuming and sometimes impossible in a circuit switched network. Whereas with a packet switched network, the packets containing the call information would be rerouted around the damaged segment or segments automatically. That's what the Internet was invented for in the first place (read "*Where Wizards Stay Up Late: The Origins of the Internet*" by Katie Hafner and Matthew Lyon, ISBN 0684812010, Library of Congress #TK5105.875.I57 H338 1996).
>
> "But management needs central control!" They can still have it with circle of trust. They can poison pill any key set they wish. They can even require key signatures that will allow management or agents thereof to open encrypted emails. It's all in the architecture and how it's administered. I worked for a company that used circle of trust and did just that. But the skeleton keys weren't held by one entity. The company had a master or skeleton key and could open an encrypted document or email. The key to the security in this scenario was the process. There was a formalized request and approval process that was required with certain checks and balances in place to ensure the act of breaching an encrypted transmission wasn't abused by a single person, like launching a missile from a submarine.
>
> Anyway, I could go on and on. But I won't bore you. Suffice to say that Bruce and Carl are absolutely correct.
>
> BTW... get the book. It starts out a bit slow but there's all kinds of good stuff in there, like who's responsible for making the first router work, whose idea was it to fund it initially? Who came up with the RFC system? Who's responsible for the @ in email addresses and all kinds of good stuff. It pays to know your history, and this book's got a bunch of it.
>
> My $0.02
>
> t
>
> ------------------------------
> *From:* Mike Schwartz
> *To:* PLUG-discuss mailing list
> *Cc:* Mike L Schwartz
> *Sent:* Thu, July 1, 2010 6:36:12 PM
> *Subject:* OT: (or is it?) Interesting take on PKI and security
>
> Interesting take on PKI and security
>
> http://www.schneier.com/paper-pki-ft.txt
>
> a favorite take-away quote, from it:
>
> "[...] security is very difficult, both to understand and to implement."
>
> (that's from the 2nd sentence, of about the 4th-to-last paragraph).
>
> ...something to think about...
> --
> Mike Schwartz
> Glendale AZ
> schwartz@acm.org

Tim, Useless history! Better yet play with PK yourself, set up sendmail with DKIM keys, and play with DNS to understand various RFCs. I can't get my brain trivia tables to index history, unless it's music history or art history?
--
Office: (480)307-8707
AT&T: (503)754-4452
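Tim's argument above is that a hierarchical PKI validates a key through a single chain, while a circle (web) of trust may offer several independent signature paths, so losing one signer is recoverable. The following Python, added here and not part of any message in the thread, models both as signature graphs (the names and signatures are constructed sample data, with the "four degrees" chain from Tim's example) and shows what happens to key validity when one signer's key is revoked in each model.

```python
# Signature graph: signer -> list of keys that signer has signed.
# Constructed sample data, not a real key ring.
HIERARCHY = {
    "root-ca": ["intermediate-ca"],
    "intermediate-ca": ["alice", "bob", "carol"],
}

WEB_OF_TRUST = {
    "you": ["tim"],
    "tim": ["vint", "bob"],
    "vint": ["bush"],
    "bush": ["pope"],
    "bob": ["carol"],
    "carol": ["pope"],
}


def trust_paths(signatures, start, target, revoked=frozenset(), max_hops=6):
    """Enumerate simple signature paths from `start` (a key you trust) to
    `target`, skipping revoked keys. Each hop is one signature, so `max_hops`
    is the "degrees of separation" you are willing to accept."""
    paths = []

    def walk(node, path):
        if node == target:
            paths.append(path)
            return
        if len(path) - 1 >= max_hops:  # hop budget exhausted
            return
        for signed in signatures.get(node, []):
            if signed not in revoked and signed not in path:  # no cycles
                walk(signed, path + [signed])

    if start not in revoked:
        walk(start, [start])
    return paths


def key_is_valid(signatures, start, target, revoked=frozenset()):
    """A key is valid if at least one unbroken signature path reaches it."""
    return bool(trust_paths(signatures, start, target, revoked))


if __name__ == "__main__":
    # Hierarchy: one chain, so revoking the intermediate kills every leaf.
    print(key_is_valid(HIERARCHY, "root-ca", "alice"))                               # True
    print(key_is_valid(HIERARCHY, "root-ca", "alice", revoked={"intermediate-ca"}))  # False
    # Web of trust: two four-hop paths to "pope"; revoking one signer leaves the other.
    print(trust_paths(WEB_OF_TRUST, "you", "pope"))
    print(key_is_valid(WEB_OF_TRUST, "you", "pope", revoked={"vint"}))               # True
```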