That's my perspective... like it or not. It's still true. Basics don't change.

t

________________________________
From: Lisa Kachold
To: Main PLUG discussion list
Sent: Fri, July 2, 2010 5:30:00 PM
Subject: Re: OT: (or is it?) Interesting take on PKI and security

On Thu, Jul 1, 2010 at 8:00 PM, Tim Bogart wrote:

> All,
>
> This is a perfectly crystallized description of views I espoused in a
> book I wrote 3 years ago which didn't get published. I did an entire
> chapter on PKI versus circle of trust. What's the difference between
> the two? Fundamentally, it's philosophy, and Ellison and Schneier said
> it best. "Who do you trust?" Public Key Infrastructure is largely
> adopted by large firms who have a burning desire to centralize the
> process. Have you ever met a manager or executive that didn't have an
> inclination toward wanting to have iron-fisted control over a process
> or system? PKI provides that control, and that makes them feel good.
> Circle of trust decentralizes the control and allows anybody in an
> organization to sign keys. This places the onus of inquiry on the user
> to validate or verify signatures independently. And in my estimation,
> from a security perspective, this is a good thing.
>
> The circle of trust can be compared to the play or movie called “Six
> Degrees of Separation.” It goes like this... Do you know the Pope?
> Probably not. But how many acquaintances do you think you have between
> yourself and the Pope? Well, let's assume you know me, that's one. I
> know Vint Cerf, that's two. Vint Cerf knows George Bush, that's three.
> And President Bush knows the Pope, that's four. So, if you knew me,
> there would be four degrees of separation between you and the Pope.
> I'm not going to go into whether you trust George Bush, or the Pope,
> or me for that matter, but I think you see how it works. In a large
> corporation like Verizon, or the US Military, there's an echelon of
> command that dictates who you should trust. But is that the best way
> to go? I say no. Not from a security perspective. Independent
> validation of credentials is always preferable to centralization in
> this scenario because if there is a breakdown in the chain of trust
> with the PKI model, it can be catastrophic. If there is a breakdown in
> the chain of trust in a circle of trust system, it's recoverable
> because there is more than a single path of trust. It's comparable to
> the very reason the Internet and packet switched networks were
> developed by DARPA. If a catastrophic event took out a major
> telecommunications switch, rerouting calls would be very time
> consuming and sometimes impossible in a circuit switched network.
> Whereas with a packet switched network, the packets containing the
> call information would be rerouted around the damaged segment or
> segments automatically. That's what the Internet was invented for in
> the first place (read “Where Wizards Stay Up Late. The Origins of the
> Internet” by Katie Hafner and Matthew Lyon, ISBN 0684812010, Library
> of Congress #TK5105.875.I57 H338 1996).
>
> “But management needs central control!” They can still have it with
> circle of trust. They can poison pill any key set they wish. They can
> even require key signatures that will allow management or agents
> thereof to open encrypted emails. It's all in the architecture and how
> it's administered. I worked for a company that used circle of trust
> and did just that. But the skeleton keys weren't held by one entity.
> The company had a master or skeleton key and could open an encrypted
> document or email. The key to the security in this scenario was the
> process. There was a formalized request and approval process that was
> required with certain checks and balances in place to ensure the act
> of breaching an encrypted transmission wasn't abused by a single
> person, like launching a missile from a submarine.
>
> Anyway, I could go on and on. But I won't bore you. Suffice to say
> that Bruce and Carl are absolutely correct.
>
> BTW... get the book. It starts out a bit slow but there's all kinds of
> good stuff in there, like who's responsible for making the first
> router work, whose idea was it to fund it initially? Who came up with
> the RFC system? Who's responsible for the @ in email addresses and all
> kinds of good stuff. It pays to know your history, and this book's got
> a bunch of it.
>
> My $0.02
>
> t
>
> ________________________________
> From: Mike Schwartz
> To: PLUG-discuss mailing list
> Cc: Mike L Schwartz
> Sent: Thu, July 1, 2010 6:36:12 PM
> Subject: OT: (or is it?) Interesting take on PKI and security
>
> Interesting take on PKI and security
> http://www.schneier.com/paper-pki-ft.txt
> a favorite take-away quote, from it:
> "[...] security is very difficult, both to understand and to implement."
> (that's from the 2nd sentence, of about the 4th-to-last paragraph).
> ...something to think about...
> --
> Mike Schwartz
> Glendale AZ
> schwartz@acm.org

Tim,

Useless history! Better yet play with PK yourself, set up sendmail with DKIM keys, and play with DNS to understand various RFCs.

I can't get my brain trivia tables to index history, unless it's music history or art history?

--
Office: (480)307-8707
AT&T: (503)754-4452