[145624] in cryptography@c2.net mail archive
Re: A mighty fortress is our PKI, Part II
daemon@ATHENA.MIT.EDU (Jon Callas)
Thu Aug 5 11:47:30 2010
From: Jon Callas <jon@callas.org>
In-Reply-To: <E1OeoEf-0006i4-LH@wintermute02.cs.auckland.ac.nz>
Date: Wed, 4 Aug 2010 22:46:44 -0700
Cc: Jon Callas <jon@callas.org>,
smb@cs.columbia.edu,
ben@links.org,
cryptography@metzdowd.com
To: Peter Gutmann <pgut001@cs.auckland.ac.nz>
On Jul 30, 2010, at 4:58 AM, Peter Gutmann wrote:
>=20
> [0] I've never understood why this is a comedy of errors, it seems =
more like
> a tragedy of errors to me.
That is because a tragedy involves someone dying. Strictly speaking, a =
tragedy involves a Great Person who is brought to their undoing and =
death because of some small fatal flaw in their otherwise sterling =
character.
In contrast, comedies involve no one dying, but the entertaining =
exploits of flawed people in flawed circumstances.
PKI is not a tragedy, it's comedy. No one dies in PKI. They may get =
embarrassed or lose money, but that happens in comedy. It's the basis of =
many timeless comedies.
Specifically, PKI is a farce. In the same strict definition of dramatic =
types, a farce is a comedy in which small silly things are compounded on =
top of each other, over and over. The term farce itself comes from the =
French "to stuff" and is comedically like stuffing more and more =
feathers into a pillow until the thing explodes.
So farces involve ludicrous situations, buffoonery, wildly improbable / =
implausible situations, and crude characterizations of well-known =
comedic types. Farces typically also involve mistaken identity, =
disguises, verbal humor including sexual innuendo all in a fast-paced =
plot that doesn't let up piling things on top of each other until the =
whole thing bursts at the seams.
PKI has figured in tragedy, most notably when Polonius asked Hamlet, =
"What are you signing, milord?" and he answered, "OIDs, OIDs, OIDs," but =
that was considered comic relief. Farcical use of PKI is far more =
common.=20
We all know the words to Gilbert's patter-song, "I Am the Very Model of =
a Certificate Authority," and Wilde's genius shows throughout "The =
Importance of Being Trusted." Lady Bracknell's snarky comment, "To lose =
one HSM, Mr. Worthing, may be regarded as a misfortune, but lose your =
backup smacks of carelessness," is pretty much the basis of the WebTrust =
audit practice even to this day.
More to the point, not only did Cyrano issue bogus short-lived =
certificates to help woo Roxane, but Mozart and Da Ponte wrote an entire =
farcical opera on the subject of abuse of issuance, "EV Fan Tutti." =
There are some who assert that he did this under the control of the =
Freemasons, who were then trying to gain control of the Austro-Hungarian =
authentication systems. These were each farcical social commentary on =
the identity trust policies of the day.=20
Mozart touched upon this again (libretto by Bretzner this time) in "The =
Revocation of the Seraglio," but this was comic veneer over the =
discontent that the so-called Aluminum Bavariati had with the trade =
certifications in siding sales throughout the German states, as well as =
export control policies since Aluminum was an expensive strategic metal =
of the time. People suspected the Freemasons were behind it all yet =
again. Nonetheless, it was all farce.=20
Most of us would like to forget some of the more grotesque =
twentieth-century farces, like the thirties short where Moe, Larry, and =
Shemp start the "Daddy-O" DNS registration company and CA or the "23 =
Skidoo" DNA-sequencing firm as a way out of the Great Depression. But =
S.J. Perleman's "Three Shares in a Boat" shows a real-world use of a =
threshold scheme. I don't think anyone said it better than W.C. Fields =
did in "Never Give a Sucker an Even Break" and "You Can't Cheat an =
Honest Man."
I think you'll have to agree that unlike history, which starts out as =
tragedy and replays itself as farce, PKI has always been farce over the =
centuries. It might actually end up as tragedy, but so far so good. I'm =
sure that if we look further, the Athenians had the same issues with it =
that we do today, and that Sophocles had his own farcical commentary.
Jon=
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
