[cryptography] Nirvana

ianG iang at iang.org
Fri Sep 23 07:08:13 EDT 2011


On 23/09/11 08:33 AM, Nico Williams wrote:
> On Sun, Sep 18, 2011 at 11:22 AM, M.R.<makrober at gmail.com>  wrote:
>> In your view then, is the alternative at all a public key based
>> crypto system? If yes, is it SSH (or SSH-like) "trust on first
>> contact" or something else?
> It could vary.
>
> For low-security applications, like blog comments, yes, leap-of-faith will do.
>
> For a medium-security application, like shopping (where systems like
> credit card fraud protection render the risk to the user low),
> security bootstrapped from leap-of-faith + trust-building or trusted
> third parties will probably do.

I would go TOFU -- trust-on-first-use -- here alone, but replaceable by 
certs signed by other parties, in a compatible fashion.

I don't understand the leap-of-faith metaphor.  It seems to me that 
trusting a CA is a leap of faith given that we have to trust all of 
them, and we know next to nothing about them.  Bad risk analysis there, 
because we've outsourced it to unknown parties, via other unknown parties.

Whereas when we are doing the TOFU mechanism, we can incorporate all of 
our local knowledge and decide whether there is any risk in dealing with 
this merchant.  Good risk analysis.

> For high-security applications (like banking) you'll generally want to
> bootstrap security via something else, either an off-line interaction,
> or a trusted third party that can authenticate relatively few peers to
> you (and thus is probably more trustworthy w.r.t. verification of your
> peer's credentials).

There is another level of security above that which I guess we'll have 
to call ultra-security [0]. This is for real time transactions (payment 
systems or trading) and/or high values, and/or natsec things.

In ultra-sec, we'd download a client securely the supplier, and put it 
on to a single purpose machine.



iang

[0] Which I call high security.  Banking I generally call medium 
security ... anything using web browsers isn't really serious IMHO.



More information about the cryptography mailing list