On Mon, Feb 13, 2012 at 7:00 PM, Phillip Hallam-Baker <[email protected]> wrote:
> Before quoting end to end I strongly suggest that you actually read
> the Clark paper because it probably does not say what you think it
> does. The argument is actually about complexity and strategies for
> addressing it.
>
> The end-to-end security model is bunk when it comes to PKI because the

The end-to-end model is broken whenever authentication is mediated by third parties that can MITM you or worse. This applies to PKI and Kerberos, for example. But the end-to-end model isn't entirely broken as a result.

There's a pretty decent analogy to be made between off-line human behavior and on-line security protocols as far as trust establishment goes. Namely: we depend on repeatability of results for judging trustworthiness (and much else besides), and in the absence of long shared history with our peers we do tend to depend on transitivity for trust to bootstrap new pair-wise trusts. There are lots of times in the off-line world when impersonation can occur, but we act as though the risk of compromise goes down as we repeat experiences. Even beyond impersonation, trust between individuals grows over time as they show each other that they are trustworthy.

But what is the on-line equivalent of this? I'd say that something roughly along the lines of cert pinning is one equivalent: "gee, servers with this cert haven't stolen all my money yet, and it's been three years, so, yeah, I trust this cert". <hand-waving topic="rollover issues"/> Grant me this analogy for the sake of this argument.

We can use trusted third parties to bootstrap pair-wise trusts and use those pair-wise trusts to get end-to-end security, meaning, really: establish pair-wise secret session keys that others don't get to discover, including the trusted third parties unless they're willing to MITM or collude with the peer for a very long time. If a trusted third party has to be an MITM for years to avoid discovery, they won't be an MITM at all because that's just too difficult to pull off (unless the users are an extremely captive audience).

In other words: I'm arguing that while it's true that trusted third parties weaken the end-to-end security model, they don't fundamentally prevent the end-to-end model from being faithfully applied, they just add considerations, caveats, difficulties, but not insurmountable ones.

> end points of every communication are either people or corporations
> and neither can do big number modular arithmetic without some form of
> computer support.
>
> So there will always be at least three hops in your model:
>
> Alice <-> Computer <-> Computer <-> Bob

Sure. We make some simplifying assumptions because humans are insufficiently fast computers. Our devices speak for us, else we'd not need those devices in the first place.

> This really matters a heck of a lot when you start to consider real
> world issues like usability.

Definitely.

Nico
--
_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
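
The continuity argument in the message above, as an added example that is not part of the original post: a trust-on-first-use pin store that reports how long a certificate has been seen unchanged, replayed against interception that starts late and interception that starts at first contact. `PinStore`, `replay`, the host name and the byte strings standing in for certificates are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class Pin:
    fingerprint: str
    first_seen: int   # day number of the first observation
    last_seen: int    # day number of the latest matching observation
    sightings: int = 1

class PinStore:
    """Trust-on-first-use store keyed by host name (hypothetical helper)."""
    def __init__(self):
        self.pins = {}

    def observe(self, host, cert_der, day):
        """Return (status, continuity_days) for one connection."""
        fp = hashlib.sha256(cert_der).hexdigest()
        pin = self.pins.get(host)
        if pin is None:
            # First contact: nothing to compare against, so the third
            # party's vouching is all the assurance there is.
            self.pins[host] = Pin(fp, day, day)
            return ("new", 0)
        if pin.fingerprint != fp:
            # Continuity broken: a rollover or someone in the middle.
            # The old pin is kept so the caller can decide what to do.
            return ("mismatch", pin.last_seen - pin.first_seen)
        pin.last_seen = day
        pin.sightings += 1
        return ("match", day - pin.first_seen)

def replay(events):
    """Feed (day, cert_der) events for one host; return the statuses."""
    store = PinStore()
    return [store.observe("bank.example", cert, day) for day, cert in events]

# Constructed sample data: byte strings stand in for DER certificates.
REAL, ROGUE = b"constructed-real-cert", b"constructed-rogue-cert"

# Interception begins after a year of honest history: flagged at once.
late_mitm = replay([(0, REAL), (365, REAL), (400, ROGUE)])
# Interception from first contact: invisible until the day it lapses.
early_mitm = replay([(0, ROGUE), (365, ROGUE), (400, REAL)])
```

Both replays end in a mismatch, which is the point of the argument: an interceptor present from the first connection stays unnoticed only for as long as it keeps intercepting every connection.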
