[Cryptography] Security is a total system problem (was Re: Perfection versus Forward Secrecy)

Dirk-Willem van Gulik dirkx at webweaving.org
Sun Sep 15 07:48:59 EDT 2013


Op 13 sep. 2013, om 21:23 heeft Perry E. Metzger <perry at piermont.com> het volgende geschreven:

> On Fri, 13 Sep 2013 08:08:38 +0200 Eugen Leitl <eugen at leitl.org>
> wrote:
>> Why e.g. SWIFT is not running on one time pads is beyond me.
> 
> I strongly suspect that delivering them securely to the vast number
> of endpoints involved and then securing the endpoints as well would
..
> The problem these days is not that something like AES is not good
> enough for our purposes. The problem is that we too often build a

While most documents on Swift its move from something very akin to OTP (called BKE) seem no longer to be on the internet; the documents:

	http://web.archive.org/web/20070218160712/http://www.swift.com/index.cfm?item_id=57203
and
	http://web.archive.org/web/20070928013437/http://www.swift.com/index.cfm?item_id=61595

should give you a good introduction; and outline quite clearly what organisational issues they where (and to this day stil are) in essence trying to solve. 

I found them quite good readings - with a lot of (often) implicit governance requirements which have wider applicability.  And in all fairness - quite a good example of an 'open' PKi in that specific setting if you postulate you trust SWIFT only so-so as a fair/honest broker of information - yet want to keep it out of the actual money path. A separation of roles/duties which some of the internet PKI's severly lack.

Dw.


More information about the cryptography mailing list