Information Security 101 - the Rules of Thumb

Nicholas Bohm nbohm at ernest.net
Wed Jun 24 14:28:28 BST 2009


Brian Gladman wrote:
> ----- Original Message ----- From: "Nicholas Bohm" <nbohm at ernest.net>
> To: "UK Cryptography Policy Discussion Group"
> <ukcrypto at chiark.greenend.org.uk>
> Sent: Wednesday, June 24, 2009 12:19 PM
> Subject: Re: Information Security 101 - the Rules of Thumb
> 
> 
>> Brian Gladman wrote:
>>> ----- Original Message ----- From: "Peter Fairbrother"
>>> <zenadsl6186 at zen.co.uk>
>>> To: "UK Cryptography Policy Discussion Group"
>>> <ukcrypto at chiark.greenend.org.uk>
>>> Sent: Tuesday, June 23, 2009 11:28 PM
>>
>>>> The best person to control access to a secret is a person who already
>>>> knows it.
>>>
>>> The best person to control access to a secret is a person who will be
>>> detrimentally impacted by its compromise (whether they know it or not).
>>
>> I'm not entirely comfortable with this, because although it states an
>> important truth about incentives, it takes no account of the fact that
>> some people may deploy systems that are far more secure than those
>> available to others.
> 
> I think the rule can meet this concern if it is applied sensibly.
> 
> If you delegate control of your secret(s) to another party in a way that
> leaves them with less incentive than you have in maintaining these
> secrets, I don't think you have done the delegation sensibly.
> 
> So a key aim in any such delegation is that of ensuring that the third
> party's incentive in maintaining your secrecy is at least as good as
> your own.

In principle, yes; but it may not be easy to do.  Contract terms could
impose an indemnity liability on the third party, but that can do no
more than impose a financial liability risk (and one not easy to quantify,
either, which weakens its effect as an incentive).  Even if I could get
such an indemnity (which I might not be in a strong bargaining position
to do), its actual effect might be weakened by the third party's ability
to get insurance, thereby cushioning itself somewhat from the risk and
reducing its incentivising virtue.

>> If I have a secret that has to be kept in a computer, and its revelation
>> would affect me adversely, is it really best that I keep it in my
>> computer at home if I can find a reputable third party with no interest
>> in the secret and with the resources and technical competence to protect
>> it much better than I could?
> 
> Yes if they have less incentive to keep the secret than you do.

This leaves out any reflection of the supposedly greater security
competence of the third party.  Somehow it still feels safer to keep the
jewellery in the bank vault (even if it is more trouble when I want to
wear the tiara).

>> A secondary source of discomfort is that just this sort of principle can
>> be put forward as an argument that I should take unqualified
>> responsibility for anything signed with my private key, because it's my
>> job to maintain control over it, being the best person to do so.  I know
>> (or argue) that the one doesn't follow from the other, but the principle
>> tends to put me on the defensive.
> 
> Unqualified control is clearly not practical given that its use involves
> processing over which you cannot be expected to exert such control.
> 
> Which, of course, is why digital signatures are not what many people
> think they are.

Indeed.  Tiresomely the EU is trying to foist them on lawyers.
Dead-horse-flogging seems such an inadequate metaphor.

Nicholas
-- 
Salkyns, Great Canfield, Takeley,
Bishop's Stortford CM22 6SX, UK

Phone  01279 870285    (+44 1279 870285)
Mobile  07715 419728    (+44 7715 419728)

PGP public key ID: 0x899DD7FF.  Fingerprint:
5248 1320 B42E 84FC 1E8B  A9E6 0912 AE66 899D D7FF


