[Cryptography] Untrusted Turtles all the way down

Henry Baker hbaker1 at pipeline.com
Fri Apr 10 00:35:34 EDT 2015


At 09:03 PM 4/9/2015, John Ioannidis wrote:
>On Thu, Apr 9, 2015 at 4:17 PM, Henry Baker <hbaker1 at pipeline.com> wrote:
>...
>"Trusted Turtles" or "Untrusted Turtles" all the way down?  Or more succinctly, "Turtles all the way down" v "Turds all the way down" ?
>
>Mock Turtles? :)
>
>When do we _cut_ the Gordian Knot, instead of trying to untie it?
>
>The story of the Gordian Knot had always bothered me.  Brute force is very rarely a solution to complex problems.  The oracle had said that whoever would *untie* the knot would conquer the world.  Alexander did not untie it; he used force.  He did conquer a lot of territory, but it all fell apart when he died.
>
>No, the right bit of Greek history/mythology is the Augean Stables: crap that has been piling on more crap for a long time.  So the question becomes, who will be the Hercules who will clean up all the BS (or turds, in your terminology).

At the risk of mixing waaay too many metaphors, when you're already in a hole, the best first step is to stop digging.

I.e., don't put all your golden eggs into that "TPM" -- aka honeypot -- which makes it sooo much easier for your random nation-state/criminal enterprise (but I repeat myself) to find your golden eggs.

Which is precisely why these TPM's are more Turd than Trusted Turtle; the first NSL flips them over onto their backs.

Hmmm...  Ring 0, ring -1, ring -2...  I guess the postman does ring more than 2x.  This Intel ring movie has more sequels than Friday the 13th.  The most likely upcoming malware: the ring-worm.

-- from one of those Piled-higher-and-Deeper folks



More information about the cryptography mailing list