Information Security 101 - the Rules of Thumb
Brian Gladman
brg at gladman.plus.com
Wed Jun 24 13:32:45 BST 2009
----- Original Message -----
From: "Nicholas Bohm" <nbohm at ernest.net>
To: "UK Cryptography Policy Discussion Group"
<ukcrypto at chiark.greenend.org.uk>
Sent: Wednesday, June 24, 2009 12:19 PM
Subject: Re: Information Security 101 - the Rules of Thumb
> Brian Gladman wrote:
>> ----- Original Message ----- From: "Peter Fairbrother"
>> <zenadsl6186 at zen.co.uk>
>> To: "UK Cryptography Policy Discussion Group"
>> <ukcrypto at chiark.greenend.org.uk>
>> Sent: Tuesday, June 23, 2009 11:28 PM
>
>>> The best person to control access to a secret is a person who already
>>> knows it.
>>
>> The best person to control access to a secret is a person who will be
>> detrimentally impacted by its compromise (whether they know it or not).
>
> I'm not entirely comfortable with this, because although it states an
> important truth about incentives, it takes no account of the fact that
> some people may deploy systems that are far more secure than those
> available to others.
I think the rule can meet this concern if it is applied sensibly.
If you delegate control of your secret(s) to another party in a way that
leaves them with less incentive than you have in maintaining these secrets,
I don't think you have done the delegation sensibly.
So a key aim in any such delegation is that of ensuring that the third
party's incentive in maintaining your secrecy is at least as good as your
own.
> If I have a secret that has to be kept in a computer, and its revelation
> would affect me adversely, is it really best that I keep it in my
> computer at home if I can find a reputable third party with no interest
> in the secret and with the resources and technical competence to protect
> it much better than I could?
Yes, if they have less incentive to keep the secret than you do.
> A secondary source of discomfort is that just this sort of principle can
> be put forward as an argument that I should take unqualified
> responsibility for anything signed with my private key, because it's my
> job to maintain control over it, being the best person to do so. I know
> (or argue) that the one doesn't follow from the other, but the principle
> tends to put me on the defensive.
Unqualified control is clearly not practical given that its use involves
processing over which you cannot be expected to exert such control.
Which, of course, is why digital signatures are not what many people think
they are.
Brian