Wednesday, April 13, 2016

Trusting trust

There is a big problem with trust. It is because people are involved.

I wrote a LI post on the root key for DNS. One of the comments was by Jason Andress:
I thought this bit from the cloudflare article was interesting:

"the reason you can trust the root DNS servers is because you can trust the people signing it. And, the reason you can trust the people signing it is because of the strict protocols they follow while doing so."

So the reason I can trust the root DNS servers, is because I can trust the people who signed them. And the reason I can trust these people is because they developed a rather theatrical and quasi-religious ceremony (their word, not mine) that says I can trust them? This is something akin to me presenting a driver's license as proof of my identity.

When I worked for the Navy lab at Dahlgren I was involved in standards, Fibre Channel and PKI. PKI was funny. These mathematicians from Entrust and Verisign would get up and scribble formulas all over huge whiteboards. Everybody would nod as if they understood, my math stopped at integral calculus so it was all Greek to me, (literally). Then they questions started and they all came down to one thing and it had nothing to do with the math, (thankfully). It was all about, why should we trust you? 

Think about it for a minute. It is a bit of smoke an mirrors, Entrust says, "It all starts with something called a root certificate. The root certificate is generated by a certification authority (CA) and is embedded into software applications. You will find root certificates in Microsoft Windows, Mozilla Firefox, Mac OS X, Adobe Reader, etc. The purpose of the root certificate is to establish a digital chain of trust. The root is the trust anchor."

Great, but why do we trust the root?

Update May 3, 2016 NewsBites carried a story:
--Threat Information Sharing Will Help Protect Critical Infrastructure
(April 29, 2016)
The Undersecretary of the US Department of Homeland Security's (DHS)
National Protection and Programs Directorate told an audience at a
conference in Washington, DC last week that cyberthreat information
sharing between private companies and government would help reduce cyber
risks to critical infrastructure. Suzanne Spaulding also said that
within organizations, cybersecurity should not be isolated within the
IT department, and that "it has to be part of that broader conversation
about functionality within those critical infrastructure sectors."
[Editor's Note (William Hugh Murray): DHS is learning at great expense what the
intelligence community would have told them for free:  trust is
essential for intelligence sharing; trust is fragile and does not scale.]

UPDATE: 6/7/16

Prof Nigel MacLennan points out that we tolerate, even expect a certain amount of duplicity. This is in a leadership context.

"Can a person lead if people do not trust them? It appears to be a simple question, but alas, the answer is not.

To illustrate, can you trust a politician to lie? Yes, you can count on it.

Even though we all accept that lying is part of politics, we still elect them to lead. Thus, sadly, it seems, that it is possible to lead without trust… in that context."

No comments:

Post a Comment