[Cryptography] Encryption opinion

Jerry Leichter leichter at lrw.com
Wed Aug 27 08:18:59 EDT 2014


On Aug 26, 2014, at 11:06 PM, Watson Ladd <watsonbladd at gmail.com> wrote:
> The solutions to these problems [insecurity of end nodes] emerged in the 1950-1960's, and as late as the 1980's the Orange Book made the sort of system that CapOS, Coyote, and Ethos attempted to make the gold standard. No one did it
> for a variety of reasons, but you certainly could with enough work,
> make a single-user system with the property that all access to
> documents is authorized by a UI action, or use Keychain/factotum style
> auth for all SSH private keys....
*No* solution to these problems has *ever* emerged.  *Proposals* for solutions have been all the rage, and various experimental implementations have been done, but none has succeeded - if by "success" you mean not "led to publishable papers" but "led to fieldable (and fielded) useful (and used) systems".

The Rainbow series of papers, of which the Orange Book was simply the best known, was an attempt to turn the nominal structure of *military* systems into the basis for secure systems for the entire world.  In practice, it didn't even satisfy the requirements of the military.  I still have a copy of the entire Rainbow series somewhere, but let's face it:  It's a historical curiosity.

PKIs "solved the problem" of key distribution and MITM attacks.  RSA "solved the problem" of signatures.  And it's not just security:  Nelson's dissertation on RPC (or CORBA, if you want to talk about the most complete widely-available realization of those ideas) "solved the problem" of distributed computation.  A variety of papers, including Hoare's CSP, "solved the problem" of parallel programming.  Codd's definition of the relational algebra and a whole bunch of work on transactions "solved the problem" of databases.  *And these are examples of ideas that actually have seen wide and continuing success!*  But the problems they've "solved" have proved to be broader than originally thought.  If you want to list other "solutions" that have simply vanished over the years, they are easy to find.  Thinking Machines hardware and CM* "solved the problem" of massive parallel computation.  C++ "solved the problem" of object-oriented programming for the masses.  And, hell, next year will absolutely, definitely be the year of Linux on the desktop.

When you see ideas that have been sold for years as a solution to a significant problem, but somehow have never quite caught on - two that come to mind immediately are functional languages and capability-based systems - you have to ask yourself:  Might there be a reason?  Might there be something missing - perhaps just a small thing?  Sometimes that's enough!

For capability-based systems, I think *the* hard problem is configurability:  How do you turn an access policy defined in human terms into a set of capabilities that accurately and completely implements the policy?  Given a set of capabilities, how do you turn it into something human beings can actually understand?  The *implications* of security policies - what is *actually* granted or forbidden, not as a result of the explicit policies but as a result of what they imply - is something that's difficult or impossible to understand, whether the policies are stated in English or in some formal capability language.  In human-based systems, we get around our lack of understanding by allowing humans to override the policies (which also opens the system up to social engineering).  When we freeze the enforcement of such policies into code, we often produce unusable systems.

Note that I'm not claiming capability-based systems *can't* work.  I'm saying that *even on the theoretical side*, we need to do more work on *known issues*; and on the practical, fieldable, fielded side - we have almost no experience.

Claims that capability-based systems can, *in practice*, solve the difficult issues of end-point security at Internet scale simply cannot be supported today.

                                                        -- Jerry
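As an added illustration of the configurability point in the message above (example code written for this edit; it is not from Jerry's mail, nor from CapOS, Coyote, Ethos or any other real capability system): a toy capability store in which a holder with a "delegate" right may pass a copy of a capability to any subject it has a channel to. The subjects, resources, channels and the intended human-language policy ("only HR may read salaries") are all constructed. The code computes the capabilities that are *implied* by the explicit grants plus delegation, then checks them against the intended denials and reports the delegation path, which is the kind of explanation a human reviewer would need.

```python
"""Toy capability-implication checker (constructed example, not a real system).

A capability is (holder, resource, rights). Rights are 'read', 'write' and
'delegate'; 'delegate' lets the holder hand a copy of the capability to any
subject it can talk to. The explicit grants look like they satisfy the policy
'only HR (alice, bob) may read /hr/salaries'; the implied grants do not.
"""
from collections import deque

# Constructed explicit grants.
EXPLICIT_GRANTS = [
    ("alice", "/hr/salaries", frozenset({"read", "delegate"})),
    ("bob",   "/hr/salaries", frozenset({"read"})),
    ("carol", "/eng/designs", frozenset({"read", "write"})),
]

# Constructed communication channels (who can hand a capability to whom).
CHANNELS = {
    "alice": {"carol"},
    "carol": {"alice", "dave"},
    "dave":  {"carol"},
    "bob":   set(),
}

# The policy as a human would state it: these accesses must NOT be possible.
INTENDED_DENIALS = [
    ("carol", "/hr/salaries", "read"),
    ("dave",  "/hr/salaries", "read"),
]


def effective_capabilities(grants, channels):
    """Fixpoint over delegation.

    Returns {(subject, resource): (rights, path)} where path is the chain of
    subjects along which the most recently added rights travelled.
    """
    reach = {}
    queue = deque()
    for holder, res, rights in grants:
        key = (holder, res)
        old_rights, _ = reach.get(key, (frozenset(), None))
        reach[key] = (old_rights | rights, (holder,))
        queue.append(key)
    while queue:
        holder, res = queue.popleft()
        rights, path = reach[(holder, res)]
        if "delegate" not in rights:
            continue
        for peer in channels.get(holder, ()):
            key = (peer, res)
            old_rights, _ = reach.get(key, (frozenset(), ()))
            new_rights = old_rights | rights
            if new_rights == old_rights:
                continue  # nothing new for this peer
            reach[key] = (new_rights, path + (peer,))
            queue.append(key)
    return reach


def implied_violations(grants, channels, denials):
    """Intended denials that the implied capabilities actually permit.

    Each result is (subject, resource, right, delegation path as text).
    """
    eff = effective_capabilities(grants, channels)
    found = []
    for subject, res, right in denials:
        rights, path = eff.get((subject, res), (frozenset(), ()))
        if right in rights:
            found.append((subject, res, right, " -> ".join(path)))
    return found


if __name__ == "__main__":
    for subject, res, right, how in implied_violations(
            EXPLICIT_GRANTS, CHANNELS, INTENDED_DENIALS):
        print(f"{subject} can {right} {res} although denied; via {how}")
    # Attenuating alice's grant (dropping 'delegate') closes both paths.
    attenuated = [(h, r, rs - {"delegate"}) for h, r, rs in EXPLICIT_GRANTS]
    print("violations after attenuation:",
          implied_violations(attenuated, CHANNELS, INTENDED_DENIALS))
```

The explicit grant table reads as if it matches the policy, yet two subjects who were never granted anything on /hr/salaries can read it, because a single "delegate" bit on alice's capability interacts with the channel graph. Reviewing either table alone would not reveal this; computing the fixpoint and showing the path does.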


