[7988] in cryptography@c2.net mail archive
Re: Non-Repudiation in the Digital Environment (was Re: First
daemon@ATHENA.MIT.EDU (Bob Jueneman)
Fri Oct 20 16:35:41 2000
Message-Id: <s9f03171.052@prv-mail20.provo.novell.com>
Date: Fri, 20 Oct 2000 11:50:04 -0600
From: "Bob Jueneman" <bjueneman@novell.com>
To: <azb@llnl.gov>, <reinhold@world.std.com>
Cc: <dcsb@ai.mit.edu>, <cryptography@c2.net>, <cypherpunks@cyberpass.net>,
<egerck@nma.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
Let's put this problem in perspective, and try to avoid the "chicken =
little, the sky is falling" syndrome.
It's quite unlikely that someone would come up with "Eureka!" type of =
solution to factoring large numbers that would end up completely breaking =
RSA, or that some way would be found to completely break the integrity of =
SHA-1.
Instead, we would be much more likely to see a nibbling around the edges, =
and a gradually decreasing confidence in existing algorithms, with more =
than enough time to replace them.
In fact, we have already seen that. MD2 is now deprecated, and MD5 is =
being pretty widely supplanted by SHA-1. Likewise, DES has been broken =
and people are recommending that triple-DES be used, and soon AES. And =
OAEP is recommended to get around some hypothetical million-question =
attacks.
But the sky hasn't fallen, and the sun still comes up in the morning.
Even if some catastrophic weakness were somehow revealed that any high =
school kid could take advantage of with a single PC, there are still =
checks and balances. The kid still has to have money in the bank to pay =
for the item, and all of the usual velocity checks, etc. that are used to =
combat fraud would still be in place and would work. And good old-fashione=
d detective investigations and forensics would still be applicable.
Any good security system has defenses in depth, and is not subject to the =
balloon-popping problem. =20
that doesn't mean that we shouldn't try to make systems be as perfect as =
possible. But if they aren't (and they never are), that shouldn't be the =
end of the world as we know it.
Let's not invent a hypothetical Y2K problem.
Bob
Robert R. Jueneman
Security Architect
Novell, Inc. -- the leading provider of Net services software.
>>> Tony Bartoletti <azb@llnl.gov> 10/19/00 04:09PM >>>
At 04:58 PM 10/19/00 -0400, Arnold G. Reinhold wrote:
>>Yes, that is why Tony's remark was somewhat tongue-in-cheek and used
>>"solid mathematical foundations" within quotes.
>
>Eye twinkle doesn't come across in e-mail, I'm afraid. My apologies to=20
>Tony. This is obviously one of my hot buttons.
No problem. I often employ a quoted "x" to convey "so-called x", a=20
shortcut that
can lead to misunderstandings.
>>>It is all hypothesis and empirical argument. A lone
>>>mathematician working in his attic could come up with an algorithm
>>>that would blow some or all of the existing systems out of the water.
>>>Who get to cover that financial risk?
>>
>>The buyer. CAs (read Verisign's CPS or any CA's CPS, or bank contracts
>>and -- above all -- see the US UCC) are not responsible for producing =
correct
>>results but just for using correct methods. Where "correct methods" are
>>what others consider correct -- even if they are proved wrong later on
>>by a one mathematician working in his attic.
>
>I'm not sure those contracts would stand up in court if there were =
massive=20
>public losses due to a collapse of the PKI. (Anyway CA CPS's stretch =
to=20
>notion of a "mutual agreement" pretty far. I purchase a $10 cert and =
am=20
>bound by over 100 pages of gobbldygook that only a handful of people =
on=20
>the planet can be expected to fully understand?)
>
>But I am less concerned with CA legal liability then with who is left=20
>holding the bag when a massive subversion of the banking system is=20
>perpetrated, and how big that could be.
I'll wager the taxpayer/consumer will foot the bill, one way or another.
Derivative to the Second Law of Thermodynamics, it is easier to destroy =
wealth
than it is to create it. So, on average, work/energy is required to =
create
or recreate wealth. The collapse of a future global PKI, or of the =
integrity
of banking transactions, would represent a huge shift from order into =
chaos,
a decoherence of identities and orderliness amounting to a huge destruction=
of wealth. Recovery thus will require the recreation of wealth, in one =
form
or another. This will require a correspondingly huge input of work. So, =
who
does most of the work, in general? You know the answer ;)
___tony___
Tony Bartoletti 925-422-3881 <azb@llnl.gov>
Information Operations, Warfare and Assurance Center
Lawrence Livermore National Laboratory
Livermore, CA 94551-9900
