GPG testing...

bscott at ntisys.com bscott at ntisys.com
Sun Dec 29 23:24:41 EST 2002 

On Sat, 28 Dec 2002, at 11:06pm, gnhlug at sophic.org wrote:
> Like everything else pertaining to information assurance, it's a matter of
> risk management.

  That is exactly my point.  :-)

  The more I deal with the world, the more I think that the word "security"  
is inherently misleading.  I agree with those who say that "trust" is the
better term.  Too many people think security -- trust -- can be achieved
with tools.  Everyone knows a tool is only as good as the person using it.  
A tool itself cannot be trusted.  Only a person can be trusted.

  The crypto-nuts like to push the concept of "anonymous trust".  The idea
is that, with a proper PKI, two parties can exchange messages, and trust
them, even if they do not know anything about each other.  I find that
concept absurd.

  A digital signature only tells you that a message came from a certain
end-point.  It does not tell you anything about the person or people behind
that end-point.  Liars and idiots can sign messages, too.  Criminals can
sign messages.  If I don't know anything about you, a "secure" message
exchange with you is of limited use.

  My point is that PGP solves one problem:  It allows two parties who
already trust each other to exchange messages over an untrusted medium.  It
cannot do anything to help two parties who do not trust each other.

  The is another point worth making here: Signing all your messages
implicitly dilutes the value of the key you use to sign them.  As
mwl at alumni.unh.edu points out, draconian security measures and a policy of
always signing your messages do not mix.  A key you use all the time is, by
necessity, going to be more exposed.  Thus, it makes sense to have more than
one key.  The one you use for every-day correspondence might be stored on
online, stored in multiple locations, use an easier passphrase, and/or use a
key-agent to avoid having to enter the passphrase repeatedly in a single
session.  The key you use to sign an electronic contract, on the other hand,
might be stored on a disk in a safe, and only be used on a system not
connected to any network.  The latter policy, incidentally, is what the US
military generally uses when it comes to cryptography.  They know that
cryptography is only as good as the procedures surrounding it.  Of course,
they also face substantially higher risks than the average computer user.  
:-)

  (I realize that Derek and others on this list already realize this.  
However, others likely do not, and even the best of us (and me, too) could
stand to be reminded of this now and again.)

-- 
Ben Scott <bscott at ntisys.com>
| The opinions expressed in this message are those of the author and do not |
| necessarily represent the views or policy of any other person, entity or  |
| organization.  All information is provided without warranty of any kind.  |

More information about the gnhlug-discuss mailing list