[Cryptography] Security is a total system problem (was Re: Perfection versus Forward Secrecy)
Dirk-Willem van Gulik
dirkx at webweaving.org
Sun Sep 15 07:48:59 EDT 2013
Op 13 sep. 2013, om 21:23 heeft Perry E. Metzger <perry at piermont.com> het volgende geschreven:
> On Fri, 13 Sep 2013 08:08:38 +0200 Eugen Leitl <eugen at leitl.org>
> wrote:
>> Why e.g. SWIFT is not running on one time pads is beyond me.
>
> I strongly suspect that delivering them securely to the vast number
> of endpoints involved and then securing the endpoints as well would
..
> The problem these days is not that something like AES is not good
> enough for our purposes. The problem is that we too often build a
While most documents on Swift its move from something very akin to OTP (called BKE) seem no longer to be on the internet; the documents:
http://web.archive.org/web/20070218160712/http://www.swift.com/index.cfm?item_id=57203
and
http://web.archive.org/web/20070928013437/http://www.swift.com/index.cfm?item_id=61595
should give you a good introduction; and outline quite clearly what organisational issues they where (and to this day stil are) in essence trying to solve.
I found them quite good readings - with a lot of (often) implicit governance requirements which have wider applicability. And in all fairness - quite a good example of an 'open' PKi in that specific setting if you postulate you trust SWIFT only so-so as a fair/honest broker of information - yet want to keep it out of the actual money path. A separation of roles/duties which some of the internet PKI's severly lack.
Dw.
More information about the cryptography
mailing list