solving the wrong problem

Anne & Lynn Wheeler lynn at garlic.com
Tue Aug 9 15:08:42 EDT 2005


John Denker wrote:
> That's an interesting topic for discussion, but I don't think
> it answers Perry's original question, because there are plenty
> of situations where the semblance of protection is actually a
> cost-effective form of security.  It's an example of statistical
> deterrence.

i've frequently used a metaphor about a bank vault door installed in the
middle of an open field.
http://www.garlic.com/~lynn/aadsm15.htm#9 Is cryptography where security took the wrong branch?
http://www.garlic.com/~lynn/2002l.html#12 IEEE article on intelligence and security
http://www.garlic.com/~lynn/2003h.html#26 HELP, Vulnerability in Debit PIN Encryption security, possibly
http://www.garlic.com/~lynn/2003n.html#10 Cracking SSL

the other metaphor is the one about if all you have is a hammer, then
all problems become nails.

and for some of the PKI related ... frequently they start out claiming
the answer is PKI ... before asking what the problem is.

one of the current issues is that some financial operations are using a
value for a userid-like capability and at the same time using the same
value as a password-like capability. userid requires fairly high
security integrity ... aka from PAIN

* privacy
* authentication
* integrity
* non-repudiation

and the userid capability also requires fairly general availability in
order to establish permissions and as the basis for other business
operations.

however, the password capability requires very high privacy and
confidentiality. the result is relatively high diametrically opposing
use criteria ... high integrity and generally available ... vis-a-vis
high confidentiality.

pure encryption might claim that they could meet the high
confidentiality requirements ... but that then tends to break all the
"generally available" requirements for its userid function (and/or
exposing it in the clear for all its business use operations creates
enormous number of points for the value to leak out)

the fundamental threat model then turns out not to be there isn't enough
encryption ... the fundamental threat model is a dual-use compromise ...
where the same information is being used to select permissions (aka
userid) and needs to be generally available ... while at the same time
serving as a password (for authentication).

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
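
An added illustration of the dual-use point in the message above (not part of the original post, and not code from its author): a small audit over a data-element inventory that flags any value accepted as an authenticator that is also handled as an identifier, and lists the places where it is readable. The system names, field names and the inventory itself are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass

ROLES = {"identify", "authenticate"}


@dataclass(frozen=True)
class Use:
    system: str  # where the value is handled (hypothetical names)
    field: str   # data element
    role: str    # "identify": selects permissions / drives business operations
                 # "authenticate": presenting the value is accepted as proof


# Constructed inventory for illustration; not taken from any real deployment.
SAMPLE_USES = [
    Use("statement-printing", "account_number", "identify"),
    Use("merchant-log", "account_number", "identify"),
    Use("customer-service", "account_number", "identify"),
    Use("payment-authorization", "account_number", "identify"),
    Use("payment-authorization", "account_number", "authenticate"),
    Use("customer-service", "customer_name", "identify"),
    Use("atm-network", "pin", "authenticate"),
]


def audit_dual_use(uses):
    """Return {field: sorted systems where it is readable as an identifier}
    for every field that is also accepted somewhere as an authenticator."""
    roles = defaultdict(set)
    identify_sites = defaultdict(set)
    for u in uses:
        if u.role not in ROLES:
            raise ValueError(f"unknown role {u.role!r} for field {u.field!r}")
        roles[u.field].add(u.role)
        if u.role == "identify":
            identify_sites[u.field].add(u.system)
    # Dual use: the value must be widely available (identifier) and at the
    # same time confidential (authenticator). Each identify site is a place
    # the authenticator can leak from.
    return {f: sorted(identify_sites[f]) for f, r in roles.items() if r == ROLES}


if __name__ == "__main__":
    for field, sites in audit_dual_use(SAMPLE_USES).items():
        print(f"{field}: dual-use, readable at {len(sites)} points: {', '.join(sites)}")
```

Fields that appear in only one role (customer_name, pin in the sample) are not reported; only the value carrying both requirements is.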


