Anders Rundgren wrote:
> Hi Guys,
> Thank you for taking on the p2 challenge!
> Although the responses were rather different, AFAICT, they all required new security infrastructure

Good to remind this slightly obscure requirement :)

> beyond what is offered by the enterprise (employee) PKI which is (from my perspective) the interesting part since the consultants that for example the US government use, claim that this use-case is completely within the realm of the enterprise PKI, and requires neither new standards nor services.

Are you suggesting a failure of intellectual integrity of the vendors / consultants? Gosh, who would have expected that. "I'm shocked, simply shocked."

> Since the people who actually design systems do not have any guidelines of how to do this, they do what you could expect even when they are performing explorative research:
> http://www.mel.nist.gov/msid/b2btestbed
> That is, exclude security from the design completely!

I would expect this to be the only sane result. "Compromise on security before delivery" is how it should be. It's business, not a private sandbox for academics.
http://iang.org/ssl/h6_its_your_job_do_it.html#6.3

However, I wouldn't be surprised if there was some non-crypto security in there to make the risk carryable.

> Naturally there is more than one solution but if I were to create a blueprint, I would reuse what I believe is the only proven methodology which is introducing the new entity "system" in the plot. The former is the foundation for most financial industry transaction networks like SWIFT etc. Such solutions do not only address encryption but (system) authentication as well. That is, PSS and OSS communicate through a dedicated secure messaging system, that is completely independent of the schemes used to secure employee-to-system communication.

Right, but I think you sell them short. These entities handle the evidentiary requirement. This is generally more important than authentication and encryption for your application, and is the reason why the model survived. Duplicating that in a non-3rd party system is hard.

> This principle is BTW also a direct copy of the original land-line phone system where phone/user authentication is through a specific cable and PSS/OSS represent operators.
> That's what I call time-tested!

Yes, recognised, "telex" :)

> It sure has flaws from a security point of view but that doesn't imply that improved security solutions need to change everything (at once) because that may give unwanted side-effects like limited migration capability.

I think you have it backwards; the business is the business, and any flaw in security has to be shown and validated, not assumed. It worked forever with telex, so any requirements for security are simply not so obvious, they have a hard climb ahead of them. If I were the consultant I'd ask whether the threat that SWIFT found itself in a few years back was a concern for the customers. It's an elegant case. If not, then no need for additional security. If yes, then yes. Obviously and poignantly, USG and other governments would say yes. Others might not.

> It has been claimed that I bash PKI. I would rather say that I bash solutions that ignore efficiency, decentralization, and scalability. It is pretty clear that true end-to-end security solutions based on static message encryption have much more limitations (outside of the enterprise) than most people are aware of.

> The US government has IMO been swindled by people who have vested interests keeping

The USG gets what they deserve, if their record of meddling with security systems is anything to go by. The fact that there are some who spent a lot of money in govt. to actually try and use these pre-meddled systems is fair, and perhaps the only feedback mechanism we have to these people. There are a lot more around the world who spent a lot of money trying to use it elsewhere, and that money won't ever generate a feedback report into GAO.

> prices in the outrageous category rather than trying to see how they could keep costs down. Since PKI is rather much a government thing and the US has by far the largest budget and influence, this is not an entirely US-only question.

Over in Europe they are spending *ridiculous* amounts of the public's money to make the qualified cert thing work; Germany is fiddling with its invoicing system and making it unworkable, just to make the darn things work. We really don't need to shed a tear for the governments, instead, think of the public money wasted.

BTW, it has been frequently mentioned that Europe and America are different, and this cultural divide is simply not recognised in this group among others. Here's something I saw yesterday:
http://techliberation.com/2008/10/30/a-wide-diversity-of-consumer-attitudes-about-online-privacy/

Spot the difference?
http://www.gcn.com/online/vol1_no1/40429-1.html
“We’ve backed the wrong horse any number of times,”

:)
iang
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto