Identity-based public key cryptography

[Peter Fairbrother]

Pete Mitchell and others wrote:

> Peter Fairbrother wrote:
> 
>> in any hierarchical situation the people at the bottom should physically
>> control who above them has access to their data, not the people above*
>> 
>> * email me if you want to know why.
>> 
> yes please
> 
First, I'm sorry I haven't answered sooner. I've got a horrible cold and I'm
not very clear-headed, so I also apologise if this isn't well-put either. I
can't decide what to include, there is a lot of it, so I'll just keep it
short. I also thought this was a well-established and well-known theorem,
but I can't find a reference - can anyone help? (Ben? - I first saw it while
researching capability-based OS's).



Simply put, if the originators of data have control of access (I'll call
this OC) then every access (except those made by the originator, who already
knows the data anyway) requires at least two people to cooperate.

If access control is determined from the top (I'll call this TD) then a
single person can get access to data he doesn't know, and without the
control (or often even the knowledge) of the originator.






OC can prevent single points of attack, cf the single top access controller
in a TD. Compromise him and you have everything, but he doesn't exist in an
OC.

OC is more flexible than TD*. OC is also much more robust against
compromise**, and allows independant double-entry logging of data
accesses***.


OC is also more akin to the human situation than TD. TD is only applicable
to zombies, victims of successful torture, and machines. It can't usually be
applied to humans, who have built-in physical access controls for their
memories.



There's lots more, including some surprising stuff about costs, but I'm
going back to bed. Happy New Year everyone :) , see you sometime then.


-- Peter Fairbrother




* In a hierarchy people above can expect people below to cooperate about
access. "Databases", searching etc. are quite possible in an OC, they're
just done differently.

** Some compromise is pretty well unavoidable in any large system.

*** The advantage of this dual logging is considerable. eg Actual compromise
of data can be much less expensive than possible compromise of data - if you
know your data is compromised you can take measures to mitigate the
compromise - if you think it might be compromised then you have a stark
choice - take measures on all your data, or ignore the possible compromise.
The first is expensive, the second may be fatal.  The expense of the first
can be mitigated if the range of data that could have been compromised is
limited by access logs derived from dual access logging. It is also
generally considered useful to know what your enemy knows...