[13452] in cryptography@c2.net mail archive


Re: Maybe It's Snake Oil All the Way Down

daemon@ATHENA.MIT.EDU (Rich Salz)
Wed Jun 4 15:00:08 2003

X-Original-To: cryptography@metzdowd.com
Date: Wed, 04 Jun 2003 10:21:46 -0400
From: Rich Salz <rsalz@datapower.com>
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
Cc: jamesd@echeque.com, bill.stewart@pobox.com,
	cryptography@metzdowd.com, cypherpunks@lne.com, ekr@rtfm.com,
	sguthery@mobile-mind.com
In-Reply-To: <200306040432.h544WNQ03298@medusa01.cs.auckland.ac.nz>

>   The problems that this creates are demonstrated by what happens when
>   technically skilled users are required to work with certificates.

If you haven't already seen it, I highly recommend Don Davis's 
"compliance defects" paper (and slides!) available at 
http://world.std.com/~dtd.  Abstract follows:
  Public-key cryptography has low infrastructural overhead because
  public-key users bear a substantial but hidden administrative burden.
  A public-key security system trusts its users
  to validate each other's public keys rigorously and to manage
  their own private keys securely. Both tasks are hard to do well,
  but public-key security systems lack a centralized infrastructure
  for enforcing users' discipline.  A "compliance defect" in a
  cryptosystem is such a rule of operation that is both difficult
  to follow and unenforceable.  This paper presents five compliance
  defects that are inherent in public-key cryptography; these
  defects make public-key cryptography more suitable for server-to-server
  security than for desktop applications.



-- 
Rich Salz, Chief Security Architect
DataPower Technology         http://www.datapower.com
XS40 XML Security Gateway    http://www.datapower.com/products/xs40.html


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com