[Cryptography] The role of the IETF in security of the Internet: for or against the NSA? for or against the security of users of the net?
Miles Fidelman
mfidelman at meetinghouse.net
Sun Jul 20 13:16:17 EDT 2014
ianG wrote:
> On 19/07/2014 20:26 pm, Dave Horsfall wrote:
>> On Sat, 19 Jul 2014, Phillip Hallam-Baker wrote:
>>
>>> There is really no problem with a trusted proxy, the question is
>>> whether the proxy is trustworthy or not. Consider the following
>>> possibilities:
>> At the risk of getting my head bitten off for stating the obvious, it
>> might be worth demonstrating the difference between a trustworthy system
>> and a trusted system rather more succinctly:
>>
>> A trustworthy system is one that you *can* trust; a trusted system is one
>> that you *have* to trust.
>
> This has never been obvious, at least not to the IETF WGs, or more
> broadly I suspect, any committee approach.
>
Well, if we change the words a little, the government world has always
made the distinction between:
- certification (tested), and,
- accreditation (formally approved)
And there are lots of cases of accredited systems that are not certified,
or at least only loosely certified. (The Designated Approving Authority
signed the paperwork.)
Those kind of map onto trustworthy (tested, certified) vs. "trusted" (we
have to use this one, the General says so).
And last time I looked, a lot of the folks who focus on security in the
IETF context, play in that world.
Miles Fidelman
--
In theory, there is no difference between theory and practice.
In practice, there is. .... Yogi Berra