Re: Usability of Cryptography (was Re: More FUD from First Virtual)
At 01:06 PM 12/11/95 -0700, Bryce wrote:
To get to the point, I want to know if this "fundamental tradeoff" that you refer to is in fact *fundamental*. That is to say: is the product of the "security factor" and the "usability factor" a constant? Or are there methods which can be practically implemented to make strong cryptography easier for Joe Average to use without exposing Joe to unnecessary risks?
Web of trust is a mess because it attempts to link keys to physical people, which in general cannot be done. If we stick to a lesser goal -- constancy of identity -- this is not so hard. In general it is impossible to prove that Bryce is the "real" Bryce, but it is trivial to prove that Bryce is the same Bryce who has a certain Web page, and the same Bryce who posted a certain article in archives. We should blow off this attempt to do the impossible. --------------------------------------------------------------------- | We have the right to defend ourselves | http://www.jim.com/jamesd/ and our property, because of the kind | of animals that we are. True law | James A. Donald derives from this right, not from the | arbitrary power of the state. | jamesd@echeque.com
Excerpts from mail.limbo: 12-Dec-95 Re: Usability of Cryptograp.. "James A. Donald"@echequ (1242*)
If we stick to a lesser goal -- constancy of identity -- this is not so hard. In general it is impossible to prove that Bryce is the "real" Bryce, but it is trivial to prove that Bryce is the same Bryce who has a certain Web page, and the same Bryce who posted a certain article in archives.
Agreed completely, if you add: "....unless the person claiming to be Bryce is someone who managed to steal secret keys from that same Bryce." Without this clause, it seems to me you're assuming that secret keys (or other identity-verifying tokens) can't ever be stolen. Insofar as you use multiple things (cryptography, IP address, etc.) to identify someone, you can make it harder to impersonate someone, but each of these things is ultimately forge-able. -- NB -------- Nathaniel Borenstein <nsb@fv.com> (FAQ & PGP key: nsb+faq@nsb.fv.com) Chief Scientist, First Virtual Holdings VIRTUAL YELLOW RIBBON==> http://www.netresponse.com/zldf
-----BEGIN PGP SIGNED MESSAGE----- An entity calling itself "James A. Donald" <jamesd@echeque.com> allegedly wrote:
Web of trust is a mess because it attempts to link keys to physical people, which in general cannot be done.
******************************* Do you wish to substantiate this rather brazen assertion? I am very sure that PGP public key 0xCC56B2E9 belongs to my housemate Sebastian Kuzminsky <kuzminsk@colorado.edu>. Is there some reason why I should doubt this belief? Furthermore my mother <rwilcox@mesa5.mesa.colorado.edu> <0x5E93210D> is very sure that PGP public key 0x617c6db9 belongs to me, and she is very sure that I am a trustworthy introducer of keys. Is there some reason why she should abstain from associating Seb's key <0xCC56B2E9> in her mind with my housemate?
If we stick to a lesser goal -- constancy of identity -- this is not so hard. In general it is impossible to prove that Bryce is the "real" Bryce, but it is trivial to prove that Bryce is the same Bryce who has a certain Web page, and the same Bryce who posted a certain article in archives.
But if I am the victim of a successful active attack then you are *not* certain that I am the same Bryce. The Bryce who posted a certain article in the archives might be completely different from (and antagonistic toward!) the Bryce who later contacts you in e-mail using the same public key. Do you see why?
We should blow off this attempt to do the impossible.
It is far from impossible. In fact, it is easy if we pay attention and cooperate. Note that I am in complete agreement with you about the (non-) value of "True" identities. In the above example I do not expect you to care which Bryce is the "real" Bryce, but I *do* expect you to care that the two Bryces are different. In short, the Web O Trust is important to maintain constancy of identity. It is not trivial, but neither is it impossible, to do so. Regards, Bryce, a unique and autonomous entity signatures follow "To strive, to seek, to find and not to yield." -Tennyson <a href="http://www.c2.org/~bryce/Niche.html"> bryce@colorado.edu </a> -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01 iQCVAwUBMM855vWZSllhfG25AQG8JQP+Ikc9sfUdEQHhLTM1/cTlimFBKB/ppifD N58Eh6e6UboOeoatcLdHgEEkrewhYkVD+AcIoV5CUHLt22Q88vjH2Fq9jJ+tV3CO 65r9kyVeIg49qQZHx0FrSTytoTrY3Zg9RdJoh4zT/Vy36dCcwgRcfAzkPdMBfQqU W9mViQbS5w0= =KyrB -----END PGP SIGNATURE-----
participants (3)
-
Bryce -
James A. Donald -
Nathaniel Borenstein