[cryptography] The Government and Trusted Third Party

Jeffrey Walton noloader at gmail.com
Sun Sep 18 06:32:21 EDT 2011


On Sun, Sep 18, 2011 at 5:55 AM, M.R. <makrober at gmail.com> wrote:
> On 18/09/11 09:12, Jeffrey Walton wrote:
>>
>> If you can secure the system from the government...
>
>>
> I can't possibly be the only one here that takes the
> following to be axiomatic:
>
> +++
> A communication security system, which depends on a corporate
> entity playing a role of a ~trusted-third-party~, can not be
> made secure against a government in whose jurisdiction that
> trusted-third-party operates.
> +++
Agreed, but I would like to point out that neither Google nor
DigiNotar are Iranian legal entities (or I don't believe so).

And as Marsh pointed out, some of these folks are more than willing to
sell you out.

> On the other hand, a perfectly adequate low-level retail
> transaction security system can best be achieved by using a
> trusted-third-party, SSL-like system.
All in all, agreed. For what its worth, I don't use credit/debit
cards, but if I did I would would not be concerned about purchasing a
book from Barnes and Noble online.

> It follows then that we are not looking at replacing the SSL
> system with something better, but at keeping the current
> SSL - perhaps with some incremental improvements - for the
> retail transactions, and designing a new system, from the
> ground up, based on some a-priory, contemporary and well
> documented threat model.
For me, its not so much about updating threat models for the 21st
century, fixing SSL, throwing out PKI, or predicting 22 century
threats. But perhaps my arguments (or perceived threats and subsequent
remediations) speak volumes to the contrary.

The one thing I cannot palette: [many] folks in Iran had a preexisting
relationship with Google. For an Iranian to read his/her email via
Gmail only required two parties - the person who wants to do the
reading and the Gmail service. Why was a third party involved?

> This new system should address
> those applications which have spilled outside of the
> (implied?) threat model on which the SSL design was based.
> That new threat model must not fail to explicitly state just
> who are the attackers are and what their capabilities and
> motivations must be considered.
It seems to me that not much has changed since Whitfield Diffie was
bothered that a SysAdmin had to comply with court orders requesting
passwords and user files. We've just managed to complicate the system
requirements, the systems and implementations, and the legal
liability. (Case in point: three parties are used/required to securely
read an email rather than two).

Jeff



More information about the cryptography mailing list