List:

I welcome Bruce's new book on the faults of cryptography to provide
security.  But saying that "no computer is secure, any network can be
hacked" is a sweeping overstatement, as false as saying the opposite.

The point is that while it is a good role to be positioned with
an ambulance at the bottom of the cliff and then rescue (for
a price) those that fall down the cliff, or to sell insurance to
those that fall, it is also as meritorious to make it very, very
hard if not entirely impossible to fall down that same cliff.
Even though it would stop the business down there.

The main problem I see with Bruce's statement is that it is
not true.  The basis for the solution is simple: recognize
that cryptography is about keys and locks, whereas trust is
about whether they work.  So, understanding the mathematical
properties of trust (trust not as an emotion but as something
essentially communicable), how trust can provide an answer
to that which we cannot measure and how we can induce trust
over networks of networks using machine-human protocols will
go much further than denying that a solution exists.

More specifically, what would such a solution be? In this case,
we need to change paradigms and avoid the "Fort Knox Syndrome"
so widely seen in the Internet security community -- make it
stronger! But in this model the entire chain can still be compromised
by failure of one weak link -- even if that link is made stronger.  The
solution is to use a multifold of links, arranged in time and space
such that rather than making the impossible assumption that "no part
will fail at any time," we can design a system where up to M parts can
fail at any time provided that not all M parts fail at the same time --
where M can be the entire number of parts.

Further, rather than seeking "infinite protection" at one point (which is
clearly impossible) we set up a system where a measure of protection
as large as desired can be attained by using an open-ended number
M of points, each one individually affording some "finite" protection
and contributing to higher-orders of integrity.

Some of these principles are gaining public exposure in products
and open protocols designed by myself at Safevote, Inc. and are for
example discussed in the article "From Voting to Internet Voting" in
the May 2000 issue of The Bell, with copy at
http://thebell.net/archives/thebell1.1.pdf , as well as in the paper
"Overview of Certification Systems" with copy at
http://thebell.net/papers/certover.pdf
There are also pending patents on this technology. Open discussions
at the IVTA (Internet Voting Technology Alliance) at ivta.org will
surely deal with these principles more and more.

Please see my comments from the viewpoint of understanding what 
needs to be done in terms of raising awareness about the 
difficulties -- kudos for Bruce! However, denying a solution 
is IMO not intellectually fair and not according to what we 
already have learned.

Cheers,

Ed Gerck
