All,
This is a perfectly crystallized
description of views I espoused in a book I wrote 3 years ago which
didn't get published. I did an entire chapter on PKI versus
circle of trust. What's the difference between the two?
Fundamentally, it's philosophy, and Ellison and Schneier said it
best. "Who do you trust?" Public Key
Infrastructure is largely adopted by large firms who have a burning
desire to centralize the process. Have you ever met a manager
or executive that didn't have an inclination toward wanting to have
iron-fisted control over a process or system? PKI provides that
control, and that makes them feel good. Circle of trust
decentralizes the control and allows anybody in an organization to
sign keys. This places the onus of inquiry on the user to
validate or verify signatures independently. And in my
estimation, from a security perspective, this is a good thing.
The circle of trust can be compared to the play or movie called “Six
Degrees of Separation.” It goes like this... Do you know the Pope? Probably not. But how many acquaintances do you think you have
between yourself and the Pope? Well, let's assume you know me,
that's one. I know Vint Cerf, that's two. Vint Cerf knows George
Bush, that's three. And President Bush knows the Pope, that's four.
So, if you knew me, there would be four degrees of separation between
you and the Pope. I'm not going to go into whether you trust George
Bush, or the Pope, or me for that matter, but I think you see how it
works. In a large Corporation like Verizon, or the US Military,
there's an echelon of command that dictates who you should trust.
But is that the best way to go? I say no. Not from a security
perspective. Independent validation of credentials is always
preferable to centralization in this scenario because if there is a
breakdown in the chain of trust with the PKI model, it can be
catastrophic. If there is a breakdown in the chain of trust in a
circle of trust system, it's recoverable because there is more than a
single path of trust. It's comparable to the very reason the
Internet and packet switched networks were developed by DARPA. If a
catastrophic event took out a major telecommunications switch,
rerouting calls would be very time consuming and sometimes impossible
in a circuit switched network. Whereas with a packet switched
network, the packets containing the call information would be
rerouted around the damaged segment or segments automatically.
That's what the Internet was invented for in the first place (read
“Where Wizards Stay Up Late. The Origins of the Internet”
by Katie Hafner and Matthew Lyon, ISBN 0684812010, Library of Congress
#TK5105.875.I57 H338 1996).
“But management needs central
control!” They can still have it with circle of trust. They can
poison pill any key set they wish. They can even require key
signatures that will allow management or agents thereof to open
encrypted emails. It's all in the architecture and how it's
administered. I worked for a company that used circle of trust and
did just that. But the skeleton keys weren't held by one entity.
The company had a master or skeleton key and could open an encrypted
document or email. The key to the security in this scenario was the
process. There was a formalized request and approval process that
was required with certain checks and balances in place to ensure the
act of breaching an encrypted transmission wasn't abused by a single
person, like launching a missile from a submarine.
Anyway, I could go on and on. But I
won't bore you. Suffice it to say that Bruce and Carl are absolutely
correct.
BTW... get the book. It starts out a
bit slow but there's all kinds of good stuff in there, like who's
responsible for making the first router work, whose idea was it to
fund it initially? Who came up with the RFC system? Who's responsible
for the @ in email addresses and all kinds of good stuff. It pays to
know your history, and this book's got a bunch of it.
My $0.02
t
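The argument above (one chain of trust versus several independent signature paths) as an added Python example; it is not part of this message or the quoted paper, and the graphs, the extra signers (carol, dave) and the revocations are constructed:

```python
# Added example (not from the message): a toy trust graph contrasting a hierarchical
# PKI chain with a web of trust. Each graph maps signer -> keys that signer has signed.


def trust_paths(graph, start, target, revoked=frozenset()):
    """Every simple signature path from start to target, skipping revoked keys."""
    paths = []

    def walk(node, path):
        if node == target:
            paths.append(path)
            return
        for nxt in sorted(graph.get(node, ())):
            if nxt not in path and nxt not in revoked:  # no cycles, no revoked keys
                walk(nxt, path + [nxt])

    if start not in revoked:
        walk(start, [start])
    return paths


def degrees_of_separation(graph, start, target, revoked=frozenset()):
    """Hops on the shortest surviving path, or None if no path is left."""
    paths = trust_paths(graph, start, target, revoked)
    return min(len(p) - 1 for p in paths) if paths else None


def single_points_of_failure(graph, start, target):
    """Intermediate keys whose revocation alone severs every path to target."""
    on_path = {n for p in trust_paths(graph, start, target) for n in p} - {start, target}
    return {n for n in on_path if not trust_paths(graph, start, target, {n})}


# Constructed hierarchical PKI: your trust anchor is a root CA and there is one chain.
PKI = {"you": {"root_ca"}, "root_ca": {"intermediate_ca"}, "intermediate_ca": {"pope"}}

# Constructed web of trust: the four-hop chain from the message plus two extra signers.
WEB = {"you": {"t", "carol"}, "t": {"vint"}, "carol": {"vint", "dave"},
       "vint": {"bush"}, "dave": {"bush"}, "bush": {"pope"}}

if __name__ == "__main__":
    for name, g, lost in (("PKI", PKI, "intermediate_ca"), ("web", WEB, "vint")):
        print(name, "hops:", degrees_of_separation(g, "you", "pope"),
              "| after revoking", lost + ":", degrees_of_separation(g, "you", "pope", {lost}),
              "| single points of failure:", sorted(single_points_of_failure(g, "you", "pope")))
```

Note that the web only survives a revocation where the paths are actually disjoint: "bush" still shows up as a single point of failure, so the recoverability the message describes is a property of how many independent signers vouch for a key, not of the model by itself.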
________________________________
From: Mike Schwartz <schwartz@acm.org>
To: PLUG-discuss mailing list <plug-discuss@lists.plug.phoenix.az.us>
Cc: Mike L Schwartz <schwartz@acm.org>
Sent: Thu, July 1, 2010 6:36:12 PM
Subject: OT: (or is it?) Interesting take on PKI and security
Interesting take on PKI and security
http://www.schneier.com/paper-pki-ft.txt
a favorite take-away quote, from it:
"[...] security is very difficult, both to understand and to implement. "
(that's from the 2nd sentence, of about the 4th-to-last paragraph). ...something to think about...
--
Mike Schwartz
Glendale AZ
schwartz@acm.org
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss