::scr tales from the crypto

Alaric Snell scr@thegestalt.org
Mon, 22 Apr 2002 10:17:19 +0100

Previous message: ::scr tales from the crypto
Next message: ::scr User Interface Problem - Probably Anal
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Friday 19 April 2002 18:39, you wrote:

> So has anyone got any strong opinions or bright ideas as to how this could
> be solved? Any of you IAs looked at this problem? Or should we just set
> the bar higher for users? Is that even a realistic response given the
> widespread public use of computers these days?

Users expect their data to be secure - they're shocked when people read their 
stuff. If *asked* if people can read their data, they'll think, go 'Uh... 
probably! I dunno...' and look worried - I think they just don't think about 
it normally.

THEREFORE, I would suggest that security be built deeply into systems, so 
it's invisible.

THIS WILL REQUIRE a whole new protocol stack. Every protocol we use has its 
own security mechanism. Without a standardised way of authenticating users 
and encrypting traffic, people will always be exposed to things like 
remembering different passwords for different web sites and servers, and 
security will be compromised.

Running everything over SSL would be nice, but the infrastructure isn't in 
place. To do that we'll need a standard place for one's personal SSL 
certificate to live on one's machine, that your web browser / mail client / 
file server client can all look for it in. There will need to be support for 
X.509 public keys in authentication databases so they can be shared around 
organisations to replace the likes of Kerberos - LDAP would be good for this, 
sine the X.500 system it emulates was designed to solve this problem :-)

We would also need to add an extra layer to the X.509 trust chain; 
organisations would get CA certs rather than just host certs so they can 
create host certs themselves for all their machines. The admin overhead of 
applying to Smellysign every time you set up a new server (and paying all 
that money) such, and using private internal CAs is a bit of a hack since you 
need another trusted path to get the internal CA key out to all the 
workstations you might need to interact with.

> And what about the nuts and bolts? It often seems to me that a lot of the
> underlying structure of networked computing isn't fundamentally suited to
> security, due to the environment in which it was developed

Quite.

ABS

-- 
                               Alaric B. Snell
 http://www.alaric-snell.com/  http://RFC.net/  http://www.warhead.org.uk/
   Any sufficiently advanced technology can be emulated in software

Previous message: ::scr tales from the crypto
Next message: ::scr User Interface Problem - Probably Anal
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]