Army signals security & "Clansmen" series radios

[Owen Lewis]

----- Original Message -----
From: "Dave Howe" <DHowe@Hawkswing.demon.co.uk>
To: <ukcrypto@maillist.ox.ac.uk>
Sent: 07 September 2000 20:04
Subject: Re: Army signals security & "Clansmen" series radios


> > Always, and again. Does not the nature of the 'web of trust' encourage
the
> > recognition of the inherent weakness of all trust systems.
> Yep - if only because it has few if any weaknessess that aren't shared by
> every other trust system in one way or another - at some point, you have
to
> say "do I trust this person to tell me who to trust?"

Not so. To follow your line of argument, if someone was authorised to tell
you who, when and to what level to trust another, you would never require to
ask your question. All you need to know is that the party is indeed
authorised
to provide you the requisite parameters. For the question of trust is dealt
with at some other level. You simply have to operate within the parameters
provided. As discussed elsewhere, such a system falls down where there is
no hierarchical structure or even where there must be information flow
between independent hierarchies. The question is how then effectively to
substitute or build an entirely different model that assures an equal level
of security.
>
> > Your military background seems to have encouraged in you a belief that
> there
> > are people - superiors - who are to be trusted, but to the extent that
you
> > hold that view, I cannot share it.
> In a military context, it tends to be appropriate - messages are likely to
> go up and down the tree of authority, rather than directly from point to
> point.

Not so. Orders - direction - if you prefer must always be communicated down
the hiearchical tree but the majority of communications - including secure
communication is of a coordinating nature and is lateral or 'all informed'
in movement rather than vertical within the organisation. In fact the
distinction in patterns and volumes of movement between 'command' and
control/coordinating communications is an important one. A 'directed net' in
which all station must request permission to communicate and then their
messages may have to be relayed through the control station is very
inefficient and will usually be found only where there are technical
difficulties in communication (such as may be caused by topography).

one of the advantages of the Web of Trust model is that it will
> happily accommodate this sort of structure - you just mark the top level
key
> as trusted to assign trust, and limit the depth to one.

If the WoT is assured by all key issue or key signature being by a common
and
trusted third party, you might be right in the first part. Certainly that is
well achievable within a hierarchical organisation.Nor do all PK systems
have to rely on a WoT. Nevertheless the
balance of advantage for a  general adoption of PK cryptosystems for
communication within hierarchical organisation had yet to be demonstrated, I
believe.
>
> >'You will trust me' A soldier does what he does not because he trusts
> >the officer, but because he bloody well just must.

Sigh... It's really just a bit more complex that that. Trust me :-)

> In my opinion, most of military training is to try and get people to
blindly
> trust the tree structure above them, even if it leads to their own death.
> why should crypto be exempt?

When you get right up the sharp end, the hierarchical is very de-emphasised
in place of a group ethic. If the group functions properly, each with an
assigned role in it the chances of survival are highest. The training you
misunderstand aims to inculcate behaviour patterns that will be maintained
even under severe psychological and physical stress and which promote group
survival. This behaviour cannot be created by order though the principles
behind it can be taught. It is sometimes counter-instinctual. The
lessons are only learned by repeatedly stressing the group and thus
allowing its members to discover what works and what does not when given
sufficient time to discuss and absorb the lessons and reorganise
accordingly. Eventually and with good training, the optimum behahiour
becomes almost reflexive. If the group behave as individuals then the
chances of survival or even a relative level of comfort are, for all
individuals at their lowest. But you knew that really, didn't you?

Within the group ad hoc and other task oriented temporary hierarchies are
established and function very well. For example the commander of a plane and
all on it is its pilot, regardless of rank or other hierarchical
relationship with any other person on that aircraft. Not simply the skill
sets but the levels of competence over a common range of skills will vary
between individuals. The group should organise so that the talents present
are most opportunely used for each task in hand.

Clearly, and for obvious reasons all this is out of kilter for groups which
are not seriously stressed, or is it? I do think though that the lower the
group stress level the greater the benefits that individuality is likely to
show.

Owen