Public Key Cryptography
Dave Bird---St Hippo of Augustine
dave at xemu.demon.co.uk
Sun, 30 Aug 1998 00:07:10 +0100
In a<Marcel-1.26-0829205533-7a1UU5&@oxted.demon.co.uk>, George Foot:
>On Sat 29 Aug, Markus Kuhn wrote:
>>
>> With very carefully specified and implemented applications, we can
>> generate a business communication infrastructure that will reduce the
>> probability of successful fraud by several orders of magnitude.
>
>We note your admission that improvements are necessary and your
>confidence that solutions are available. But technical solutions
>are prone to solve one problem and create another. No judgement can
>be made until experience is available.
No final judgements, but preliminary evaluations surely can be :->
>
>In respect of operational and human lapses which are a major cause of
>concern you suggest no specific remedies. It may not be the technician
>of which we stand in the greatest need. Time will show.
Your human weaknesses fall into three groups:
(1) In some cases there is a technical fix---for example requiring
a finger/voice/retina print as part of the "passphrase" deals with
abuse by nonowners of the key, but not with a legitimate user who
is corrupt[-ed,-able].
(2) In some cases all security including metal door and safe keys
has the same weakness.
(3) In middling cases making procedures easier to use or check and
prompt on oversights makes the operators less likely to err under
pressure. Security is at least as much about educating people into
thorough procedures as about the technical means.
In the larger context one must analyse how effective ANY security
can be, what the consequences of breach are, and how we arrange
our business accordingly. Most of what I said earlier off the top
of my head holds good; although it is painfully obvious I don't
know details of how current cryptosystems handle these problems.
If there is money or power to be got by stealing information then
it will be tried---our best security measures simply shift effort
from public transit areas to near the sender and recipient, then
from cracking to human weaknesses. They also greatly increase the
close-up labour needed to intercept, though.