David Conrad wrote: > > On Jan 26, 2012, at 1:52 PM, Martin Rex wrote: > >> Security that looks at 'all possible sources of error' seems to me > >> to be a halting state problem > > > Drawing a line amounts to sticking your head in the sand. > > Or a realization that it isn't realistic to try to solve > "all possible sources of error".
If a secure identity system existed, we would be using it. If a secure identity system could be invented, it would have been invented by now. So far, the best known approach is to look at *all* parts of the system individually, and perform risk management for it, i.e. ensure that the cost of breaking it is sufficiently high that the entire system amounts to a good-enough trade-off. > > > If we believe > > that using DNS names for authentication, then we need to fix *all* > > parts of the technology, including the adminitrative procedures > > for managing/delegating DNS names. > > That isn't even close to "all possible sources of error". > > You would seem to draw the line at "administrative procedures for > managing/delegating DNS names" (if DNS is to be used). The line in the above statement is the circle aroud "*all* parts", which leaves no parts of the system on the other side of that line. But "fix" may have been misleading here. It was meant in the sense from above: ensuring for each part individually that the cost of breaking it is high enough that the resulting system amounts to a good-enough trade-off. The EV-certs approach is in principle correct: those who want the extra trustworthiness should bear the additional costs necessary to ensure that trustworthiness. -Martin _______________________________________________ therightkey mailing list therightkey@ietf.org https://www.ietf.org/mailman/listinfo/therightkey
