On Thu, Jul 1, 2010 at 8:00 PM, Tim Bogart <timbogart@yahoo.com> wrote:
> All,
>
> This is a perfectly crystallized description of views I espoused in a book
> I wrote 3 years ago which didn't get published. I did an entire chapter on
> PKI versus circle of trust. What's the difference between the two?
> Fundamentally, it's philosophy, and Ellison and Schneier said it best. "Who
> do you trust?" Public Key Infrastructure is largely adopted by large firms
> who have a burning desire to centralize the process. Have you ever met a
> manager or executive that didn't have an inclination toward wanting to have
> iron fisted control over a process or system? PKI provides that control,
> and that makes them feel good. Circle of trust decentralizes the control
> and allows anybody in an organization to sign keys. This places the onus of
> inquiry on the user to validate or verify signatures independently. And in
> my estimation, from a security perspective, this is a good thing. The
> circle of trust can be compared to the play or movie called “Six Degrees of
> Separation.” It goes like this... Do you know the Pope? Probably not. But
> how many acquaintances do you think you have between yourself and the Pope?
> Well, let's assume you know me, that's one. I know Vint Cerf, that's two.
> Vint Cerf knows George Bush, that's three. And President Bush knows the
> Pope, that's four. So, if you knew me, there would be four degrees of
> separation between you and the Pope. I'm not going to go into whether you
> trust George Bush, or the Pope, or me for that matter, but I think you see
> how it works. In a large Corporation like Verizon, or the US Military,
> there's an echelon of command that dictates who you should trust. But is
> that the best way to go? I say no. Not from a security perspective.
> Independent validation of credentials is always preferable to centralization
> in this scenario because if there is a breakdown in the chain of trust with
> the PKI model, it can be catastrophic. If there is a breakdown in the chain
> of trust in a circle of trust system, it's recoverable because there is more
> than a single path of trust. It's comparable to the very reason the Internet
> and packet switched networks were developed by DARPA. If a catastrophic
> event took out a major telecommunications switch, rerouting calls would be
> very time consuming and sometimes impossible in a circuit switched network.
> Whereas with a packet switched network, the packets containing the call
> information would be rerouted around the damaged segment or segments
> automatically. That's what the Internet was invented for in the first place
> (read “*Where Wizards Stay Up Late. The Origins of the Internet*” by Katie
> Hafner and Matthew Lyon, ISBN 0684812010, Library of Congress #TK5105.875.I57
> H338 1996 ).
>
>
> “But management needs central control!” They can still have it with
> circle of trust. They can poison pill any key set they wish. They can even
> require key signatures that will allow management or agents thereof to open
> encrypted emails. It's all in the architecture and how it's administered. I
> worked for a company that used circle of trust and did just that. But the
> skeleton keys weren't held by one entity. The company had a master or
> skeleton key and could open an encrypted document or email. The key to the
> security in this scenario was the process. There was a formalized request
> and approval process that was required with certain checks and balances in
> place to ensure the act of breaching an encrypted transmission wasn't
> abused by a single person, like launching a missile from a submarine.
>
>
> Anyway, I could go on and on. But I won't bore you. Suffice to say that
> Bruce and Carl are absolutely correct.
>
>
> BTW... get the book. It starts out a bit slow but there's all kinds of
> good stuff in there, like who's responsible for making the first router
> work, whose idea was it to fund it initially? Who came up with the RFC
> system? Who's responsible for the @ in email addresses and all kinds of good
> stuff. It pays to know your history, and this book's got a bunch of it.
>
> My $0.02
>
> t
>
> ------------------------------
> *From:* Mike Schwartz <schwartz@acm.org>
> *To:* PLUG-discuss mailing list <plug-discuss@lists.plug.phoenix.az.us>
> *Cc:* Mike L Schwartz <schwartz@acm.org>
> *Sent:* Thu, July 1, 2010 6:36:12 PM
> *Subject:* OT: (or is it?) Interesting take on PKI and security
>
> Interesting take on PKI and security
>
> http://www.schneier.com/paper-pki-ft.txt
>
> a favorite take-away quote, from it:
>
> "[...] security is very difficult, both to understand and to implement. "
>
> (that's from the 2nd sentence, of about the 4th-to-last paragraph).
>
> ...something to think about...
> --
> Mike Schwartz
> Glendale AZ
> schwartz@acm.org
>
>
Tim,
Useless history! Better yet, play with PK yourself, set up sendmail with DKIM
keys, and play with DNS to understand various RFCs.
I can't get my brain trivia tables to index history, unless it's music
history or art history?
--
Office: (480)307-8707
AT&T: (503)754-4452
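
An added illustration, not part of the thread: the single-path versus multi-path argument quoted above, modelled as reachability over signature graphs. The three graphs and all key names are constructed for this example (the chain reuses the "degrees of separation" hops from the quoted message); they show that the resilience comes from redundant signatures, not from decentralization alone.

```python
from collections import deque

def verifiable(signatures, anchors, lost=frozenset()):
    """Keys reachable from the verifier's trust anchors by following
    signer -> subject signatures, ignoring any key in `lost`."""
    seen = {a for a in anchors if a not in lost}
    queue = deque(seen)
    while queue:
        signer = queue.popleft()
        for subject in signatures.get(signer, ()):
            if subject not in lost and subject not in seen:
                seen.add(subject)
                queue.append(subject)
    return seen

def worst_single_loss(signatures, anchors, candidates):
    """Return (key, n): the single revoked or compromised key that leaves
    the most *other* keys unverifiable, and how many it cuts off."""
    baseline = verifiable(signatures, anchors)
    damage = {}
    for key in candidates:
        left = verifiable(signatures, anchors, lost={key})
        damage[key] = len(baseline - left - {key})
    worst = max(damage, key=damage.get)
    return worst, damage[worst]

# Constructed hierarchy: one root CA, two intermediates, four end users.
PKI = {"root": ["ca1", "ca2"],
       "ca1": ["alice", "bob"],
       "ca2": ["carol", "dave"]}

# Constructed web of trust: the verifier ("me") signed two keys and the
# users cross-signed each other, so every key has two independent paths.
WEB = {"me": ["alice", "carol"],
       "alice": ["bob", "carol"],
       "carol": ["dave", "alice"],
       "bob": ["dave"],
       "dave": ["bob"]}

# The single chain from the quoted message: decentralized, but one path only.
CHAIN = {"you": ["tim"], "tim": ["vint"], "vint": ["bush"], "bush": ["pope"]}

if __name__ == "__main__":
    print("PKI  :", worst_single_loss(PKI, {"root"}, list(verifiable(PKI, {"root"}))))
    print("web  :", worst_single_loss(WEB, {"me"}, ["alice", "bob", "carol", "dave"]))
    print("chain:", worst_single_loss(CHAIN, {"you"}, ["tim", "vint", "bush", "pope"]))
```

The verifier's own key is excluded from the candidates in the web and chain cases, since losing it defeats verification in any model.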