[Zope] - Cryptography... and the absurdity of things

Christopher G. Petrilli petrilli@amber.org
Wed, 30 Dec 1998 18:27:15 -0500


On Thu, Dec 31, 1998 at 12:09:06AM +0100, Andreas Kostyrka wrote:
> [ Flame bait deleted ]
> Nope that's not the way it's done with free software ;)
> (Actually I mean technically sound software in comparison to software where
> marketodroids have the saying *g*, which happens to apply often to free
> software.)

If you want it, write it, and then I'll be happy to put my
cryptographer's hat on (didn't you wonder what I did for money?) and rip
it to shreds... the reality is that at this point, in this political
climate, with the currently available resources, it's just not an
intelligent move.

Security (of which cryptography may or may not be a component) is a
highly complex topic often bantered around by marketing people, and
almost never understood by anyone who uses the word.  The only thing
worse than no security is the false sense of SOME security (nay, Windows
NT and its "C2" certification---without a floppy or network, or many
other things).

You need to define WHAT you're trying to accomplish before you reach
into the toolbox and pick a tool, rather than swing about your
hammer-du-jour looking for anything that might stick out, and calling it
a nail.  Cryptography is a grand thing, a mathematical tour-de-force if
done correctly, BUT it's rarely the issue.  If all you have to worry
about is whether someone can break your 40-bit key by brute force,
you've done a handy job, but don't delude yourself into thinking that's
even relevant to most discussions.

The concept of "role based" authentication in ZOPE is wonderful as a
first step; there are many more that need to be made... all in good
time, as technology and time permit.  I would love to see a fully
trusted, multi-level secure object publishing system, but given we can't
even get a secure WEB SERVER, I'm not holding MY breath for another
minute.  One must ask the questions "what are you protecting" and "what
is it worth".... so long as the aggregate of what you protect and its
value is less than the effort required to counter your protections, you
have succeeded in building a reasonably secure system.

The world is about risk mitigation, not about absolute security; the
latter does not, cannot, will not exist, ever.  Even the NSA understands
this concept.

Define a risk, identify its threat points, mitigate them through use of
(policy, technology, whatever) and move on.  If you cannot mitigate the
risk, you must understand and accept it.  That's the business.

Also, we need to understand the distinction between trust (behaving the
way you are expected to) and security, which is a more general
principle.

Chris
-- 
| Christopher Petrilli
| petrilli@amber.org