[Cryptography] the TOFU lie - or why I want my meat...

Bill Frantz frantz at pwpconsult.com
Tue Apr 14 20:16:38 EDT 2015 

I'll start with the standard rant about the word "trust". 
Standing alone, "trust" is meaningless. The NSA is reported to 
say that the people you trust are those who can break your 
security. I certainly know people I have trusted with my 
children who I wouldn't trust with my investments, and vice 
versa. When one uses the work "trust", one must specify what is 
at risk.

With this fact in mind, lets look at a few scenarios.

I learned that SparkFun had the Arduino LillyPad for sale. (True 
story) I typed SparkFun into Google and went to their web site. 
It looked legit to me, and there were no security warnings. So I 
placed an order. Lets look at what I was risking. I was trusting 
the CA mess to validate that the URL, 
<https://www.sparkfun.com/> really went to SparkFun. If it 
didn't, my risk was (1) Stolen credit card, and (2) Delay in 
getting my LillyPad. The stolen credit card is the big one. It 
will cost me $50 + a bunch of hassle. But, I can tell my bank 
that I followed "best practices[1]" in my order, so they will 
probably eat the $50. I have no reason to believe that the items 
I ordered is private information. X.509 works here.

I had to SSH into a server at work from home. (True story) I 
first connected my laptop while connected to the internal 
company network so SSH could learn the server's key. I could 
then connect from home. My risk was that there was a MITM in the 
internal network. If there was a MITM in the internal network, 
the company was in deep dodo and MITMing my connection wouldn't 
make things worse. TOFO works here.

I needed to send some company confidential data to my home, but 
didn't have my PGP key fingerprint with me. (True story) I down 
loaded the key from the MIT key server. It had been signed by 
Carl Ellison. I had Carl's business card with his key 
fingerprint which matched the signature key. I had validated the 
key from the server. I had to trust Carl not to sign some other 
"Bill Frantz" key. I had reason to have faith in his integrity, 
and had verified the rest of the chain myself. The web of trust 
works here.

Someone wants to buy illegal drugs. (Probably true, but not me.) 
They use an anonymous market which identifies sellers by a 
public-private key pair. The key pair allows the seller to 
develop reputation which the buyer checks. The buyer uses 
anonymous channels to set up a deal which results in the buyer 
sending some bitcoins to the seller who then informs the buyer 
about the location of a dead drop with the drugs. One risk to 
the buyer is that the seller will decide to cash in his 
reputation capital and run off with the bitcoins[2]. The second 
risk is that the law has taken over the seller's private key and 
is using it to nab buyers. The buyer can limit the first risk by 
not buying large quantities. She can, with the cooperation of 
the seller, check out the dead drop before committing to picking 
up the drugs and risking arrest. The seller needs to pick a 
location which is easy to check. The Economist reports that this 
kind of system is in current use and works.

Cheers - Bill

[1] Best Practices n. "No one ever got fired for following 'best 
practices'", Alan Karp.

[2] Cashing in reputation capital has happened. Back in the 
early 1960s, there was a company in Hong Kong which mail ordered 
cameras to the US (and Europe). I ordered and received a Nikon F 
and was quite satisfied. There came a time when they stopped 
sending cameras, although then still accepted orders and cashed 
the checks. After 9 months or so, visitors to Hong Kong reported 
that they had completely disappeared.


---------------------------------------------------------------------------
Bill Frantz        |"Web security is like medicine - trying to 
do good for
408-356-8506       |an evolved body of kludges" - Mark Miller
www.pwpconsult.com |

More information about the cryptography mailing list