Comments

Thoth April 13, 2017 6:36 PM

The importance of TCB and verifiable and secured computing is still not entering the brains. Protocol and algos without proper TCB and underlying layers are still going to present the same problems no matter what protocols are used.

ab praeceptis April 13, 2017 7:04 PM

Side note (Context: Konnikova's confidence game), Quote "... eBay and Amazon have built reputation systems as a practical mitigation."

Funny, as those are plagued by pretty much the same problems PKI is suffering from.

Classical trouble: One must first trust the party which judges the participants' trustworthiness. This is also true if the judges "are" (or seem to be) the peers themselves, i.e. the users (e.g. of amazon).

Short version: That whole game is rotten, no matter how much fuzz security people make about it. If we want something trustworthy we must first address and fix the game setup - and not some algorithms.

John Galt April 13, 2017 10:29 PM

@ ab prae...

[[[ Classical trouble: One must first trust the party which judges the participants trustworthiness. This is also true if the judges "are" (or seem to be) the peers themselves, i.e. the users (e.g. of amazon). ]]]

INSANITY IN HIGH PLACES: You have two choices: 1) "trust" the recipient's keys or 2) send unencrypted... or 3) Place your keys in escrow.

That's a no brainer. Who dreamed up that sh!t? (ANSWER: PSYCHOPATHS IN THE NSA/CIA/DOD)

Have you ever bothered to crawl the federal PKI system? You should. It's a miracle it works at all. (And, I bet some of it doesn't)

[[[
Short version: That whole game is rotten, no matter how much fuzz security people make about it. If we want something trustworthy we must first address and fix the game setup - and not some algorithms.

Funny, as those are plagued by pretty much the same problems PKI is suffering from.
]]]

I have a solution. Been working on it for several years. Seriously. Adoption is merely about finding people who aren't on deviant's payrolls.

ab praeceptis April 14, 2017 12:09 AM

John Galt

"I have a solution. Been working on it for several years. Seriously. Adoption is merely about finding people who aren't on deviant's payrolls."

... and about people knowing about it - which is hard if you don't tell us about it.

Clive Robinson April 14, 2017 1:27 AM

@ ab praeceptis,

Classical trouble: One must first trust the party which judges the participants trustworthiness.

Also reduces to "who watches the watchers" which for a human trust relationship becomes a "lesser flea" or "Turtles all the way down" problem.

The problem with humans is as once noted "Everyman has his price" with the acceptance that the "price" can also be a cost thus it's the magnitude of the transaction that's in question.

The US in particular is susceptible to the "cost" magnitude because of no effective "social safety net" and "each party pays their own costs" in litigation. It's a system guaranteed to produce subjugation under the old "King Game" of "Might is right" and "Divine Right".

But on the flip side humans will break any law, and any trust relationship if they are convinced it's "For the Greater Good"[1]. And unfortunately there are usually sufficient "Authoritarian Followers" to make it happen.

Hence we have seen violence used as a tool by employers and the state when faced by collective action from employees who wish to avoid being exploited by the employers. It's always interesting to see the MSM viewpoint on labour relations, in that in nearly all cases they will find ways to show the employees as the exploiters of the situation/employer and the rent seeking shareholders.

[1] "For the Greater Good" is my pick for the scariest phrase you can ever hear said, and my advice is if you ever hear it said in earnest is "run whilst you still can" as there will be no negotiation and no reprieve.

John Galt April 14, 2017 2:48 AM

@ ab praecipus

[[[ ... and about people knowing about it - which is hard if you don't tell us about it. ]]]

LATIN : ab praeceptis == "by the rules."

I think outside the box.

As Clive just said, "But on the flip side humans will break any law, and any trust relationship if they are convinced it's "For the Greater Good"[1]. And unfortunately there are usually sufficient "Authoritarian Followers" to make it happen."

I call them brown nosers.

Nazi's called the Brown Shirts cuz the doodoo landed on their white collars.

@ Clive

[[[ Also reduces to "who watches the watchers" which for a human trust relationship becomes a "lesser flea" or "Turtles all the way down" problem. ]]]

I call it the Yertle the Turtle vs Mack.

Dr Seuss was a cool dude.

Burp.

:)

Winter April 14, 2017 3:12 AM

@Clive
"It's always interesting to see the MSM viewpoint on labour relations, in that in nearly all cases they will find ways to show the employees as the exploiters of the situation/employer and the rent seeking shareholders."

This is my litmus test. Whoever calls out the weak to be the exploiters, I know is my enemy.

The list of weak "exploiters" is long: Labor, immigrants (illegal or not), minorities of any kind, refugees, ...

But MSM damning these underdogs? That depends on your country. For instance, not all German newspapers damn any of the above underdogs. Several still stand up for refugees and immigrants. Most stand up for labor.

UK and USA, that is a different story. But many news outlets in the world have English language versions. So there is choice.

Peter S. Shenkin April 14, 2017 7:59 AM

@Clive Robinson I have a scarier phrase: "It's a matter of principle." It means, "I want the whole pie."

supersaurus April 18, 2017 8:17 PM

@Thoth

in re TCB, I went down this chain of links: https://en.wikipedia.org/wiki/Trusted_computing_base -> http://ts.data61.csiro.au/projects/seL4/ -> http://ts.data61.csiro.au/projects/TS/l4.verified/ -> http://ts.data61.csiro.au/projects/TS/l4.verified/proof.pml

the first reference above says


Researchers at NICTA and its spinout Open Kernel Labs have recently performed such a formal verification of [1], a member of the L4 microkernel family, proving functional correctness of the C implementation of the kernel.[8] This makes seL4 the first operating-system kernel which closes the gap between trust and trustworthiness, assuming the mathematical proof is free from error.

note the "...assuming the mathematical proof is free from error...".

the lowest link above discusses the "proof". there is a great armload of assumptions, e.g. "...Assembly: the seL4 kernel, like all operating system kernels, contains some assembly code, about 600 lines in our case. For seL4, this concerns mainly entry to and exit from the kernel, as well as direct hardware accesses. For the proof, we assume this code is correct..." and "...Hardware: we assume the hardware works correctly...", and finally the great leap "...Provided our assumptions above are true...".

you'll have to read the entire thing to be sure I'm not cherry-picking (many more assumptions are given), but it seems to me that just the assumption that the hardware is working according to spec (and finally an OS *does* run and depend upon hardware) requires a lot of faith given the silicon complexity of even a simple microprocessor.

further "...We chose an operating system kernel to demonstrate this: seL4. It is a small, 3rd generation high-performance microkernel with about 8,700 lines of C code...", an extremely small amount of code compared to [[name your favorite OS for most people]]. imagine trying to scale this effort up to windows or linux running on a current generation intel processor, in other words the current version of the real world.

of course subjecting windows, linux or any core i7 processor to the process discussed in the above links is not going to happen, you would need to start with a small, simple processor and a small, simple kernel (as above) and bootstrap your way up, of course making a lot of assumptions about the first level of the bootstrap. is this actually going to happen? if it did, how long would it take for such a system to be commercially viable? not in my lifetime I think.

am I just being contrary?

oh, and lest I forget:
@ab praeceptis

for your enjoyment, to save you reading time, note in the above "...8,700 lines of C code...".

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.