[Cryptography] SSL Certificates are expiring...
Jon Callas
jon at callas.org
Sun Feb 16 19:21:45 EST 2020
> On Feb 16, 2020, at 12:54 PM, Dave Horsfall <dave at horsfall.org> wrote:
>
> On Sat, 15 Feb 2020, John Kelsey wrote:
>
>> In security, "trusted" should be translated as "can screw me over."
>
> I think it was Bruce Schneier who wrote that a "trusted" system is one that can break your security.
He did say that, but the idea of a Trusted Computing Base (TCB) goes back to Orange Book, MULTICS, and many documents before that. That's the same use of "trusted" to mean that it axiomatically must work correctly or security fails, and therefore we have to trust it.
Jon
More information about the cryptography
mailing list