::scr tales from the crypto
Alaric Snell
scr@thegestalt.org
Mon, 22 Apr 2002 10:17:19 +0100
On Friday 19 April 2002 18:39, you wrote:
> So has anyone got any strong opinions or bright ideas as to how this could
> be solved? Any of you IAs looked at this problem? Or should we just set
> the bar higher for users? Is that even a realistic response given the
> widespread public use of computers these days?
Users expect their data to be secure - they're shocked when people read their
stuff. If *asked* if people can read their data, they'll think, go 'Uh...
probably! I dunno...' and look worried - I think they just don't think about
it normally.
THEREFORE, I would suggest that security be built deeply into systems, so
it's invisible.
THIS WILL REQUIRE a whole new protocol stack. Every protocol we use has its
own security mechanism. Without a standardised way of authenticating users
and encrypting traffic, people will always be exposed to things like
remembering different passwords for different web sites and servers, and
security will be compromised.
Running everything over SSL would be nice, but the infrastructure isn't in
place. To do that we'll need a standard place for one's personal SSL
certificate to live on one's machine, that your web browser / mail client /
file server client can all look for it in. There will need to be support for
X.509 public keys in authentication databases so they can be shared around
organisations to replace the likes of Kerberos - LDAP would be good for this,
sine the X.500 system it emulates was designed to solve this problem :-)
We would also need to add an extra layer to the X.509 trust chain;
organisations would get CA certs rather than just host certs so they can
create host certs themselves for all their machines. The admin overhead of
applying to Smellysign every time you set up a new server (and paying all
that money) such, and using private internal CAs is a bit of a hack since you
need another trusted path to get the internal CA key out to all the
workstations you might need to interact with.
> And what about the nuts and bolts? It often seems to me that a lot of the
> underlying structure of networked computing isn't fundamentally suited to
> security, due to the environment in which it was developed
Quite.
ABS
--
Alaric B. Snell
http://www.alaric-snell.com/ http://RFC.net/ http://www.warhead.org.uk/
Any sufficiently advanced technology can be emulated in software