|
|
Subscribe / Log in / New account

Transport-level encryption with Tcpcrypt

Transport-level encryption with Tcpcrypt

Posted Sep 4, 2010 4:52 UTC (Sat) by zooko (guest, #2589)
In reply to: Transport-level encryption with Tcpcrypt by Trelane
Parent article: Transport-level encryption with Tcpcrypt

Self-certifying filesystem:

ftp://cag.lcs.mit.edu/pub/dm/papers/mazieres:thesis.ps.gz

ssh's model which Peter Gutmann calls the "baby-duck" model or "key continuity"

Web of Trust by Phil Zimmermann

The FreeS/WAN project by John Gilmore, Hugh Daniel et al., known as "Opportunistic Encryption".

The Capability Access Control model:

original:

http://www.cs.washington.edu/homes/levy/capabook/Chapter3...

modern synthesis:

http://erights.org/talks/thesis/index.html

Zooko's Triangle and Pet Names:

http://www.skyhunter.com/marcs/petnames/IntroPetNames.html

ZRTP:

http://en.wikipedia.org/wiki/ZRTP

Tahoe-LAFS:

http://tahoe-lafs.org

(Those last three are self-citations.)

The overall theme here is that the good ideas about robust decentralized security came originally from systems researchers and hackers, not from cryptographers. Cryptographers traditionally focused on elegant mathematical models and (with almost no explicit justification) they settled on the globe-spanning, centralized, hierarchical security model that we all know and love today as "PKI".

to post comments

Transport-level encryption with Tcpcrypt

Posted Sep 6, 2010 3:20 UTC (Mon) by zooko (guest, #2589) [Link] (2 responses)

I was remiss in omitting Carl Ellison:

Carl Ellison. Establishing Identity Without Certification Authorities. In Proc. Sixth USENIX Security Symposium, pages 67–76, Berkeley, 1996. Usenix.

Again, this is a fellow who is basically a systems researcher, not a cryptographer as such (he has no publications in crypto theory to my knowledge), and he was publishing good ideas along these lines back in '96.

Oh, and of course Ron Rivest was doing a very similar thing in '96: http://people.csail.mit.edu/rivest/sdsi10.html

So there's the first example I can come up with of a bona fide cryptographer giving us something more robust and decentralized than the PKI model.

Transport-level encryption with Tcpcrypt

Posted Sep 6, 2010 3:26 UTC (Mon) by zooko (guest, #2589) [Link] (1 responses)

Oh, and I see that Rivest's SDSI 1.0 in '96 cites:

Matt Blaze, Joan Feigenbaum, and Jack Lacy. Decentralized trust management. In Proceedings 1996 IEEE Symposium on Security and Privacy, page (to appear), May 1996.

Also real cryptographers.

But I should emphasize that while SDSI and to a lesser extent PolicyMaker were influential, these were exceptions to the centralized hierarchical PKI model that dominated cryptography, and they were too late. By 1996 the damage had already been done when Netscape engineers baked the PKI model into their socket encryption protocol, SSL.

Transport-level encryption with Tcpcrypt

Posted Sep 6, 2010 3:27 UTC (Mon) by zooko (guest, #2589) [Link]

I wrote "by 1996 the damage had already been done...", but I meant that it had already been done two years earlier, when Netscape invented SSL.

Okay I'm definitely going to stop following-up to myself now. :-)


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds