Full Disclosure mailing list archives
Re: Security as an Enabler - Virtual Trust: AnOpen Challenge to All InfoSec Professionals
From: <Glenn.Everhart () chase com>
Date: Thu, 28 Sep 2006 10:42:42 -0400
I see no value in suddenly starting to use a term "virtual trust" for trust given due to evidence produced over wires as opposed to trust given due to evidence produced by other means. Trust and the validity of evidence to justify it are meaningful. A new candidate buzzword for a concept that has been around for a long time does not. Many of us have argued for at least decades now that more trustworthy systems and more trustworthy evidence for the parties to a transaction not being fooled about the identity of their correspondents enables more kinds of business. However I see nothing virtual about the trust that is needed. Seems to me it must be real trust, ultimately validated by real evidence or statistics showing it is properly granted, whether granted by a person or an automaton. Whether a human or an automaton evaluates evidence for identity, either must use similar statistics to validate their choices and either will probably perform better given more and more varied evidence. If you build your authentication systems so that available evidence is excluded, shame on you. But this observation was published at least 14 years back, probably further, and depends on there being real trust, real evidence, and real ways to tell (at least statistically) whether it is being conferred justly. I suspect efforts to separate them obscure rather than elucidate. Glenn Everhart -----Original Message----- From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk]On Behalf Of Dave "No, not that one" Korn Sent: Thursday, September 28, 2006 9:43 AM To: full-disclosure () lists grok org uk Cc: bugtraq () securityfocus com Subject: Re: [Full-disclosure] Security as an Enabler - Virtual Trust: AnOpen Challenge to All InfoSec Professionals Kenneth F. Belva wrote:
I've been defending Virtual Trust as an enabler for the past three days on the full-disclosure list. So far, fairly successfully.
An enabler *of* anything in particular? Or just some kind of magic enabling pixie dust, good for all purposes?
Here's the challenge: How creative are you *for* VT, *against* VT and determining the *impact* of VT?
What does "being creative *for*" something even mean? cheers, DaveK -- Can't think of a witty .sigline today.... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ ********************************************************************** This transmission may contain information that is privileged, confidential, legally privileged, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. Although this transmission and any attachments are believed to be free of any virus or other defect that might affect any computer system into which it is received and opened, it is the responsibility of the recipient to ensure that it is virus free and no responsibility is accepted by JPMorgan Chase & Co., its subsidiaries and affiliates, as applicable, for any loss or damage arising in any way from its use. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. Thank you. ********************************************************************** _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Security as an Enabler - Virtual Trust: AnOpen Challenge to All InfoSec Professionals Glenn.Everhart (Sep 28)