philosophical cum practical point

dan at geer.org
Wed Apr 6 11:06:25 EDT 2005


Please critique, if you will, this line of reasoning:

===========
All other things being equal, integrating cryptographic
communication protocols into client-server or peer-to-peer
products with existing end-point vulnerabilities tends
to increase total enterprise vulnerability.
===========

By "all other things being equal" I am trying to
diplomatically reflect my experience to date that
not only is, say, key management hard but ensuring
that overburdened systems administration staffs
continuously do the right thing with it has near
zero probability.  The SSL experience sort of sets a
lower bound for automaticity and low/no end-user skill
requirement corroborated by Alma Whitten's classic
paper[1] and other similar findings.  In perhaps the
most awkward and commonplace sense, I find myself
dealing with development teams that (rightly) believe
applications of cryptography are well understood but
then make the naive leap that they themselves either
already well understand those applications of
cryptography or that such understanding is an
assignable task to randomly selected team members
irrespective of background.

Perhaps I am only elaborating Spaf's remark[2] about
armored cars by restating it as an operational rule
for when development teams are permitted to add
crypto in their comm protocols -- when they have
damped out their end-user vulnerabilities.

Put one additional way, the guy who adds crypto
to his data stream risks becoming the most critical
server in the data center.

--dan



[1]
Whitten A & Tygar JD, "Why Johnny Can't Encrypt: A Usability
Evaluation of PGP 5.0," Proceedings of the 8th USENIX Security
Symposium, August 23-36, 1999, Washington, D.C., pp 169-184.

http://www.usenix.org/publications/library/proceedings/sec99/full_papers/whitten/whitten_html/

[2]
Using encryption on the Internet is the equivalent of arranging
an armoured car to deliver credit card information from someone
living in a cardboard box to someone living on a park bench.
          -- Gene Spafford, Purdue University.

http://www.collegetermpapers.com/TermPapers/Technology/m.shtml


---------------------------------------------------------------------
The Cryptography Mailing List