The Law of the Internet: blame attaches to the last thing that changed.
Adam Langley, Cryptographic Agility
Capabilities are unforgeable tokens of authority
Robert N. M. Watson, Three-paper Thursday: capability systems
An internet with yurls and zero knowledge logins would render the CA’s largely irrelevant.
James A. Donald, on security@openid.net email list
Predictions are that by 2049, a $1000 dollar computer will exceed the computational capabilities of the entire human species.
Did you know? YouTube video [4:12 minute mark]
…the landscape of the Internet … starts to seem like a city with a few familiar, well-kept buildings, surrounded by millions of hovels kept upright for no purpose other than the ads that are painted on their walls.
The Dirty Little Secrets of Search, New York Times
HTML for POSTing [of username/password] costs providers very little. And the marginal cost for users is also low. The total cost for users is an unusable system.
Nicolas Williams
It is the golden rule of the IETF: “be liberal in what you accept, be conservative in what you send out”
That has proved to be a less-than-great idea, particularly in protocols where you care about security, which is to say, all of them.
Ben Laurie
Learn from the mistakes of others; you’ll never live long enough to make them all yourself.
Alfred E. Neuman of MAD Magazine
[on FFIEC recommendations] the banks quickly discovered that by redefining "two-factor auth" to mean "twice as much one-factor auth" they could meet the requirements without having to do anything to improve security
Peter Gutmann
The discovery problem is still the most difficult in federated identity. We've tried buttons, drag-downs, text boxes, cookies, plug-ins, duct tape, and telepathy. Each has pros and cons, we've got a lot of scars, and selection of one of them is an art rather than a science at this point.
Nate Klingenstein on OpenID email list
Spafford was right but early when he likened network security as hiring an armored car to deliver gold bars from someone living in a cardboard box to someone living on a park bench.
Dan Geer
- We don't read pages. We scan them.
- We don't make optimal choices. We satisfice (choose the first reasonable option).
- We don't figure out how things work. We muddle through.
If your audience is going to act like you're designing billboards, then design great billboards.
Don't Make Me Think, chapter 2 How we really use the Web, by Steve Krug
The Two Platonic Password Composition Rules:
- Pick something you can’t remember.
- Don’t write it down.
No problem, right?
Ceci n'est pas un Bob, Bob Blakley's blog
Anonymity is the state of being not identifiable within a set of subjects.
Unlinkability of two or more items of interest (eg subjects, messages, events, actions…) means that within the system (comprising these and possibly other items), from the attacker’s perspective, these items of interest are no more and no less related after his observation than they are related concerning his a-priori knowledge.
Unobservability is the state of items of interest being indistinguishable from any item of interest (of the same type) at all.
Pseudonymity is the use of pseudonyms as IDs.
An identity is any subset of attributes of an individual which identifies this individual within any set of individuals.
Anonymity, Unlinkability, Unobservability, Pseudonymity, and Identity Management — A Consolidated Proposal for Terminology, v0.27, 20 Feb 2006.
Any person can invent a security system so clever that she or he can't think of how to break it.
The only way to find the flaws in security is to disclose the system's workings and invite public feedback.
"Schneier's Law", according to Cory Doctorow.
Authorization does not always require individual authentication or identification, but most existing authorization systems perform one of these functions anyway. Similarly, a requirement for authentication does not always imply that accountability is needed, but many authentication systems generate and store information as though it were.
Who Goes There? Authentication Through the Lens of Privacy, finding 2.1.
Work on what is important [for Telstra], not on what is urgent [for the client].
Chris Rowles, 9 Mar 2004
…But why should this "community" (=world) ever convert to PKI? I believe that the main benefits would be:
Email from Anders Rundgren [anders.rundgren@telia.com] to ietf-pkix@imc.org sent Thursday, 12 February 2004 2:49 AM with the subject "Re: Policy User Interfaces (was RE: Setting X.509 Policy Data in IE, IIS, Outlook)"
- eliminating the distribution of shared secrets
- having a universal static ID towards all external parties
The hardest part of computer security is the piece between the computer and the user. The hardest part of encryption is maintaining the security of the data when it's being entered into the keyboard and when it's being displayed on the screen. The hardest part of digital signatures is proving that the text signed is the same text that the user viewed. And the hardest part of computer forensics is knowing who is sitting in front of a particular computer at any time.
CRYPTO-GRAM, 15 Nov 2003, by Bruce Schneier, The Trojan Defense section.
Unless you share your intrusion logs with like firms you will not and you cannot ever know whether you are a target of choice or a target of chance, and you will therefore waste needless cash or incur needless risk.
"getting the problem statement right", Dan Geer, ;Login, vol. 28, #3, Jun 2003.
You cannot argue and judge a way forward - you need to design a way forward.
You can analyse the past but you need to design the future.
"Why So Stupid? How the Human Race has Never Really Learned to Think", Edward de Bono.
The ambivalence which many social actors show in their trust towards technology-related actors and processes has important implications.
One of the most important goals of an effective management of technology development would be, in the ideal case, the mutual co-construction of the technology and of its social acceptance. In other words, not only develop a kind of technology whose characteristics and goals are accepted by the citizens and users; but in addition, generate this technology from an R&D and decision making process accepted by all involved, and which is based on a relation of mutual trust.
Futures: the journal of policy, planning and futures studies; vol. 35, #3, April 2003, "Designing Trust", by Oliver Todt. See sciencedirect.com or http://www.elsevier.com/locate/futures.
With client-side SSL (and perhaps many single sign-on schemes), "what the user knows" has been replaced by "what some complex software on the user's desktop does in response to complex stimuli".
John Marchesini, S.W. Smith & Meiyuan Zhao, Keyjacking: Risks of the Current Client-side Infrastructure.
I think that we need to address the problem of how the whole PKI architecture hangs together in a document that can be understood by the people who are actually on the front lines.
I don't think that simply repeating the mantra of the end-to-end ideology helps either. Yes end-to-end is a good thing, but there are a lot of security issues it does not and cannot address. Defining these issues as non-problems as the IETF has done for many years or railing against firewalls, NAT, etc. as members of the IAB are wont to do is not helpful.
Phillip Hallam-Baker, IETF PKIX e-mail, 29 Mar 2003.
Instead of the IRD [NZ tax dept] sending out the information and then having to prove it got to the user (and no one else) and that they were the ones responsible for using it, the onus should be on the user to prove themselves. The correct way to do it (which is how the IRS is doing it) is to get the user to submit to the IRD a paper document in which they formally declare that the data contained on this document (PIN, password, signature key, whatever) was generated and is stored subject to certain security requirements, that it is entirely under their control, that they agree to use it to form binding signatures for the purposes of filing a tax return, that tax returns which are submitted authenticated with this signature are the sole responsibility of the signer, and so on and so forth. This constitutes a formal, legally binding signed agreement which makes the signer responsible for the tax return, and allows them to be prosecuted in court if there's anything wrong with the return.
Peter Gutmann
what we asked for: constant novelty coupled with acceptable stability, rather than the other way around
People talk simplicity but buy features and pay the consequences
Edward Tenner
In the rush towards the digital era, we will continue to live right on the edge of intolerable frustration.
the premium will be on making the developers' task easy, not on users' convenience. That was a major factor behind the evolution of the frustrating PC
Andrew Odlyzko