funsec mailing list archives

Re: Re: Malware sharing? People are full of shit [was: Get your computer viruses here!]


From: Paul Vixie <paul () vix com>
Date: Fri, 30 Dec 2005 18:47:17 +0000

# > How do you scale it?
#  
# I don't need to do vetting on thousands of people. All I need to do, is 
# trust a group of people, who each trust a group of people, and so on. If 
# someone betrays that trust, they soon get found out and ejected (it's 
# happened). It scales just fine.

i halfway agree with this.  since the community undergoes constant churn in
the membership of "trusted", there's a scaling limit induced by the churn
that feels like it's not much higher than the scaling limit induced by "have
to do everything manually and deal with transitivity instabilities in the
trust web".  in other words, the manual/transitive scaling problem isn't
the bottleneck simply because something else is already the bottleneck.

however, the manual/transitive scaling problems are really much more costly
than what you said.  "soon found out" is hardly guaranteed -- i've known of
moles or double-agents in various security communities but was forbidden to
"out" them due to ongoing law enforcement actions.  probably i only knew the
tip of that iceberg.  a lot of sensitive material got leaked to people i knew
were evil, and it's my basic assumption that they shared it further.  i'd say
that like any malevolent parasite, these people try pretty hard to keep their
true nature and impact hidden.  i'm SURE there's more of this kind of thing
going on than i know.

i'm also sure that "N degrees of separation", for very moderate values of N
like "2" or "3", can introduce enough uncertainty as to how much vetting is
really done or how much evil-tolerance is really present, that i've pretty
much settled on a sharing rule similar to gadi's -- i only share with folks
who i know will respect my sharing rules, which are usually "it ends here."

so it's not unscalable for the reasons given, it's unscalable anyway, and i'm
very interested in a better system.  heinlein's treatment of this issue in
"the moon is a harsh mistress" was most instructive.  do we need a cell 
structure the way revolutions do?  if so that's interesting.  are we part of
a revolution?
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

