authenticating Real Life(tm)

Tom tom at ricardo.de
Tue Jan 16 04:20:57 PST 2001


Jim Choate wrote:
> > you will have to trust something. then you use that something to verify
> > something else, that is what:
> 
> No, I don't have to trust at all. I should have a protocol that I can
> PROVE (which is distinct from trust). I trust the proof. 

I love it when you conflict with yourself. :)
so you trust the proof. great. if you trust the proof, and the protocol
has just been proven, then your trust extends to the protocol. and so
on. web-of-trust.

please don't say you don't. because if a protocol that was just proven
by a proof you trust has not earned your trust by that procedure, then
obviously you lied when you said you'd trust the proof.



> > means.
> 
> Which means you feel comfortable enough with people you know to give them
> your key. That doesn't mean that because I know you and trust you that I
> should trust them. An enemy of my enemy is NOT my friend. And a friend of
> a friend is not my friend.

the PGP web-of-trust is a specialized version of the above. if you trust
me, and I say that key X really belongs to person Y, then your trust
extends to the validity of the key. not further, it doesn't mean you
trust person Y, it just means that because you trust me you decide to
believe that the key really belongs to that person, because I say so.


> But then again, sharing a key with somebody you wouldn't trust with your
> wallet is probably more than a tad problematic.

we're talking PUBLIC keys here. my public key is available to anyone who
knows what "finger" means.


> > see above. or check what web-of-trust means. for this problem, we
> > have the following steps (in no specific order):
> 
> See what above? You're making statements and then self-referencing them as
> 'proof'. Not acceptable. Make an assertion and demonstrate the flow of
> dependence. Saying it over and over doesn't make it any more acceptable
> than the first time. And it's harder to tune out, familiarity breeds
> contempt.

still didn't get it? ok, so here's the same in math form:

if A==B and B==C then A==C

replace == with "trust". if A trusts B and B trusts C then A can
trust C. that's a gross oversimplification, so please don't start any
nitpicking. I said a couple of words about trust not being binary in the
last mail. in essence, the == should read "total, complete, absolute
trust in everything", something that I doubt you'd see anywhere in real
life. the more precise formula would be:

A trusts B (minus margin of mistrust) 
and B trusts C (minus margin of mistrust)
therefore A trusts C (minus (margin of mistrust AB * margin of mistrust BC))




> Bottom line, if Bob trusts you, and you trust me, is no reason for Bob to
> trust me (or me to trust Bob). Trust/Reputation is NOT transitive (that's
> actually why it's worthless).

why not? please tell.



> > I've known this person for over 10 years. I'm pretty confident that any
> > attempts to replace him with someone else in such a way as to fool me
> > would be several orders of magnitude more expensive than the gain is
> > worth.
> 
> How do you know that he hasn't been undercover for 10 years? There are
> cases of undercover cops being submerged for years, spies for much longer.
> How would you KNOW. Maybe he's been making 1am burst transmissions to the
> 'enemy' for this entire time. Maybe his 'wife' or 'SO' is his contact
> point. How well do you know THEM? How well do you know his other friends?
> Would you trust them with your key? Does he trust them with access to the
> key? If so, even if you don't trust them, they've got it.

again, you're applying the wrong threat model. if this were about
whether or not I should tell him about the new superweapon that I've
been developing in my function as a super-secret scientist, your threat
model might apply. since we're talking about a simple question about
ammunition here, your threat model is way off.
in german, we say "mit kanonen auf spatzen schiessen" - roughly
translated as "firing cannons on sparrows". 


> > how you do this depends mostly on your threat-model. for this example,
> > the threat is small - it's not like any TLA would throw a couple million
> > dollars at this in order to fool you, right? ergo I can assume that a
> > replacement by someone who can fool me for several hours is extremely
> > unlikely.
> 
> How do you know that THIS is their target? How do you know that you haven't
> just stumbled into it? How do you know they aren't using YOU for cover?
> How do you know that using you will not further the gain?

I don't. since I'm not omniscient, I can live with that fact. we're all
living our lives on assumptions, or we'd be insane. maybe you should get
in touch with reality every once in a while?


> > > Which means nothing, your PGP key is no more trustworthy than your words.
> >
> > dumb jim. :)
> > it's not meant to be any more trustworthy than my words. in fact, its
> > sole purpose (in this case) is to ensure that my words are really my
> > words. it's part of step 3 above.
> 
> If the key itself can't be trusted then I can't trust it to authenticate
> your words. If I can't trust your key any better than your words then why
> am I asking you to sign it? It clearly doesn't add security at any level.

excuse me? all the signature says is "these words were really written by
Tom". in short: its "trust" is on a completely different level than
that of my words. I can sign a fictional story. you wouldn't trust my
words, but you could trust that they are, indeed, *my* words.



> > if they are stamped with an official seal (which in the case of the
> > military I'm quite sure they are) then you can be sure that any of 3
> > cases is true:
> 
> History is full of 'official seals' not being so official.

that would be case b) or c), depending on who's responsible.

> > a) they are valid
> > b) the government (or other place of origin of the seals) is in on the
> > conspiracy
> > c) a forger with more skill than your forgery-detection method is in on
> > the conspiracy
> 
> Or somebody stole it, or there is an accomplice with access to a
> legitimate seal to use for illegitimate uses. 

subcase of c).

> Or somebody has transient
> access to one without official access. And that ain't all the ways one
> could gain access to an 'official' seal besides the three you listed.

you're missing the point. this is not about a complete list of all
possible ways to get an official seal on some document.


> > wrong. we can solve your problem IF you present us with a list of those
> > things that you DO trust.
> 
> Who says trust has to be about 'things'? 

"things" in the broadest possible sense of "pretty much anything".


> I trust those things which can be
> independently verified by an arbitrary 3rd party or a process which I can
> implement myself.
> 
> In short, things that can 'prove' other things must be at least isotropic
> and homogeneous.
> 
> I trust the sun will rise, I trust that we'll all die. I trust that
> politicians are inherently crooked. I trust that what happened yesterday
> will not be exactly the same as today. I trust that people are both good
> and bad, as a result the most good person can in the right circumstances
> do the most heinous act (which on another line is ultimately the reason
> that the way we treat our prisoners is a moral and ethical failure of the
> 1st magnitude).

lots of that is not trust, but belief, but let's ignore that. :)


> Demonstrate how you authenticate your friend, his material, the channel
> he gave it to you with, that I should trust you, and the channel you
> provide it to me with. What sorts of things do YOU need to successfully
> authenticate anything?

ok, let's focus:

the question was: what kind of ammunition does the G3 use?
the proposed solution was: I know someone who should know, I can ask him
and relay the answer.

your problem is: you trust neither me nor - should he even exist - the
one I proposed to ask.

solution to your problem: we need a protocol that you can verify
("prove") that will in return prove that the someone exists and does
know what he's supposed to know and that he is speaking the truth. I at
this stage ignore the "official document" crap and every other actual
means of verification, since you wouldn't trust them anyhow.

as a matter of fact, I think it would be much simpler if you'd just
buy a G3 and check for yourself.


> 
> > from there on, trust can be extended. e.g. if
> 
> Demonstrate trust is transitive. That if I trust Bill and you trust me,
> then you should trust Bill.

correct if trust is binary. since it's not, the trust I have in you
would have to include a "grant option", i.e. if I trust you to have
friends that are trustworthy, then yes I would trust bill.


> I use PGP as a one-shot transaction security generator. I give you a key
> you're the only one who got it (unless you give/lose it to somebody) and I
> don't share keys and they retire in the short term (usually after the one
> shot use). I never send keys over the network.

secret keys - of course not, that's why they're called "secret".

you've never sent a public key over the network?
