[Cryptography] the TOFU lie - or why I want my meat...
Bill Frantz
frantz at pwpconsult.com
Tue Apr 14 20:16:38 EDT 2015
I'll start with the standard rant about the word "trust".
Standing alone, "trust" is meaningless. The NSA is reported to
say that the people you trust are those who can break your
security. I certainly know people I have trusted with my
children who I wouldn't trust with my investments, and vice
versa. When one uses the work "trust", one must specify what is
at risk.
With this fact in mind, lets look at a few scenarios.
I learned that SparkFun had the Arduino LillyPad for sale. (True
story) I typed SparkFun into Google and went to their web site.
It looked legit to me, and there were no security warnings. So I
placed an order. Lets look at what I was risking. I was trusting
the CA mess to validate that the URL,
<https://www.sparkfun.com/> really went to SparkFun. If it
didn't, my risk was (1) Stolen credit card, and (2) Delay in
getting my LillyPad. The stolen credit card is the big one. It
will cost me $50 + a bunch of hassle. But, I can tell my bank
that I followed "best practices[1]" in my order, so they will
probably eat the $50. I have no reason to believe that the items
I ordered is private information. X.509 works here.
I had to SSH into a server at work from home. (True story) I
first connected my laptop while connected to the internal
company network so SSH could learn the server's key. I could
then connect from home. My risk was that there was a MITM in the
internal network. If there was a MITM in the internal network,
the company was in deep dodo and MITMing my connection wouldn't
make things worse. TOFO works here.
I needed to send some company confidential data to my home, but
didn't have my PGP key fingerprint with me. (True story) I down
loaded the key from the MIT key server. It had been signed by
Carl Ellison. I had Carl's business card with his key
fingerprint which matched the signature key. I had validated the
key from the server. I had to trust Carl not to sign some other
"Bill Frantz" key. I had reason to have faith in his integrity,
and had verified the rest of the chain myself. The web of trust
works here.
Someone wants to buy illegal drugs. (Probably true, but not me.)
They use an anonymous market which identifies sellers by a
public-private key pair. The key pair allows the seller to
develop reputation which the buyer checks. The buyer uses
anonymous channels to set up a deal which results in the buyer
sending some bitcoins to the seller who then informs the buyer
about the location of a dead drop with the drugs. One risk to
the buyer is that the seller will decide to cash in his
reputation capital and run off with the bitcoins[2]. The second
risk is that the law has taken over the seller's private key and
is using it to nab buyers. The buyer can limit the first risk by
not buying large quantities. She can, with the cooperation of
the seller, check out the dead drop before committing to picking
up the drugs and risking arrest. The seller needs to pick a
location which is easy to check. The Economist reports that this
kind of system is in current use and works.
Cheers - Bill
[1] Best Practices n. "No one ever got fired for following 'best
practices'", Alan Karp.
[2] Cashing in reputation capital has happened. Back in the
early 1960s, there was a company in Hong Kong which mail ordered
cameras to the US (and Europe). I ordered and received a Nikon F
and was quite satisfied. There came a time when they stopped
sending cameras, although then still accepted orders and cashed
the checks. After 9 months or so, visitors to Hong Kong reported
that they had completely disappeared.
---------------------------------------------------------------------------
Bill Frantz |"Web security is like medicine - trying to
do good for
408-356-8506 |an evolved body of kludges" - Mark Miller
www.pwpconsult.com |
More information about the cryptography
mailing list