Trust

Whom do you trust?
If I telnet to my workstation from a remote site I am implicitly trusting several things.

  • The local workstation to run the correct telnet binary.
  • The local workstation to not log my password.
  • The local workstation to not log my session.
  • The local workstation to connect me to the correct machine.
  • Every router between here and there to not log my passwords or session.
  • Every network between here and there to not allow unauthorized users to log my password or session.
  • Every machine on every network between here and there to not log or hijack my session.
  • The remote machine to behave properly and not log my session.
  • The DNS to give me the right IP address for the hostname.
  • The competency of those who manage the above.

  • Anything that every one of the above trusts.

    Hierarchy of trust
    When I trust an entity, I trust everything that entity trusts. For example, I trust the DNS, which means I trust the machine that the DNS runs on, which means I trust the operating system on the DNS server as well as the system manager of that server, and so on.

    If machine C trusts machine B and machine B trusts machine A, then machine C implicitly trusts machine A.

        A   A
        |   |
    B   B   |
    |       |
    C       C
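
The implicit trust described above is the transitive closure of the direct-trust relation. The following Python sketch is an added example, not part of the original notes; the entity names and trust edges are constructed for illustration. It lists everything one party ends up trusting and the chain that leads there.

```python
from collections import deque

# Constructed direct-trust edges: X trusts every entity in DIRECT_TRUST[X].
# Names are illustrative, loosely following the telnet and DNS examples above.
DIRECT_TRUST = {
    "me": ["local workstation", "campus DNS", "remote machine"],
    "local workstation": ["telnet binary", "workstation admin"],
    "campus DNS": ["DNS server host", "root name servers"],
    "DNS server host": ["DNS server OS", "DNS server admin"],
    "remote machine": ["campus DNS"],      # shared dependency
    "root name servers": ["campus DNS"],   # constructed cycle; must not loop forever
}


def implicit_trust(graph, start):
    """Return {entity: chain} for everything `start` trusts, directly or not.

    `chain` is a shortest list of entities leading from `start` to that entity.
    """
    chains = {start: [start]}
    queue = deque([start])
    while queue:
        current = queue.popleft()
        for trusted in graph.get(current, []):
            if trusted not in chains:      # visited check also handles cycles
                chains[trusted] = chains[current] + [trusted]
                queue.append(trusted)
    del chains[start]
    return chains


def report(graph, start):
    """Format one line per trusted entity, marking direct versus implicit trust."""
    direct = set(graph.get(start, []))
    lines = []
    for entity, chain in sorted(implicit_trust(graph, start).items()):
        kind = "direct" if entity in direct else "implicit"
        lines.append(f"{kind:8} {entity}: {' -> '.join(chain)}")
    return lines


if __name__ == "__main__":
    print("\n".join(report(DIRECT_TRUST, "me")))
```

Three direct trust decisions expand to nine trusted entities here, which is the set that has to be reviewed when deciding what you can afford to trust.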
    

    What to trust?
  • Short answer: Nothing!
  • Long answer: That's usually impossible. Even the "top level" DNS on campus must trust the root-level name servers (and remote name servers for outside information). The top-level time server on campus needs to trust the transmissions by WWVB (time service from the National Institute of Standards in Colorado Springs, CO).

    The goal is to decide what you can afford to trust and what you cannot. There are methods to keep you from needing to trust too many things. We'll cover some of those methods later.

