I call this the "trust binding" problem. That is, at a certain point, you decide whether to trust something. In the the two scenarios I described at the start, the trust decision has to be made every time you interact with the service. Maybe today, the provider is honest and competent; tomorrow, it might not be, whether due to negligence or compulsion by some government. By contrast, when the essential security properties are implemented by code that you download once, you only have to make your decision once—and if you were right to trust the provider, you will not suddenly be in trouble if they later turn incompetent or dishonest, or are compelled by a government to act against your interests.
Saturday, June 13, 2020
Trust Binding in Security
Professor Bellovin with excellent insight as usual, starting with a comment on Zoom's dubious security but getting to the root of the issue.
Subscribe to:
Posts (Atom)