No More Alice to Bob: Reality-based Models for Message Encryption and Key Management

No More Alice to Bob: Reality-based Models for Message Encryption and Key Management
Terence Spies

Citation
Terence Spies. "No More Alice to Bob: Reality-based Models for Message Encryption and Key Management". Talk or presentation, 29, September, 2005.

Abstract
Communication security has long subsisted under a model motivated by the assumption that endpoints were secure, while intermediaries and third parties were untrusted. The natural implication of this model is that properties like non-repudiation, confidentiality and end-entity authentication be provided in an end-to-end fashion. Not only is this model and its implications incorrect in real systems, but it is actively detrimental to building systems that customers need. This talk will go into experiences integrating encryption into a major operating system, and also the realities of deploying email encryption within 100,000 user enterprises, and will attempt to distill a set of different security and design assumptions that lead to useful systems.

Electronic downloads

spies_NoMoreAliceToBob.ppt · application/vnd.ms-powerpoint · 1148 kbytes

Citation formats

HTML

Terence Spies. <a
href="http://www.truststc.org/pubs/7.html"
><i>No More Alice to Bob: Reality-based Models for
Message Encryption and Key Management</i></a>,
Talk or presentation,  29, September, 2005.

Plain text

Terence Spies. "No More Alice to Bob: Reality-based
Models for Message Encryption and Key Management". Talk
or presentation,  29, September, 2005.

BibTeX

@presentation{Spies05_NoMoreAliceToBobRealitybasedModelsForMessageEncryption,
    author = {Terence Spies},
    title = {No More Alice to Bob: Reality-based Models for
              Message Encryption and Key Management},
    day = {29},
    month = {September},
    year = {2005},
    abstract = {Communication security has long subsisted under a
              model motivated by the assumption that endpoints
              were secure, while intermediaries and third
              parties were untrusted. The natural implication of
              this model is that properties like
              non-repudiation, confidentiality and end-entity
              authentication be provided in an end-to-end
              fashion. Not only is this model and its
              implications incorrect in real systems, but it is
              actively detrimental to building systems that
              customers need. This talk will go into experiences
              integrating encryption into a major operating
              system, and also the realities of deploying email
              encryption within 100,000 user enterprises, and
              will attempt to distill a set of different
              security and design assumptions that lead to
              useful systems.},
    URL = {http://www.truststc.org/pubs/7.html}
}

Posted by Christopher Brooks on 30 Sep 2005.
Groups: trustseminar
For additional information, see the Publications FAQ or contact webmaster at www truststc org.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.