Share this page!

iang Profile picture
Twitter logo
23 Oct, 10 tweets, 8 min read
@Steve_Lockstep @joerosato @csuwildcat sorry, it’s 50 mins long, I don’t watch much video, so speaking from generalisms and hints:

As a term, PKI suffers the same problem as ‘identity’ - it means different things to different people. Consequently, as a sector, it’s totally unreliable as a term. It can mean...
@Steve_Lockstep @joerosato @csuwildcat Use of Public Key cryptography in a technical system - that’s the PK part dominating. OR

Infrastructure around PKs to make the PK do or mean something. OR

Identity system based on PKI, implying use of private key is proof of person. Or...
@Steve_Lockstep @joerosato @csuwildcat X.509-based PKI which locks in a particular technology *and* a set of meanings/doings which don’t work *and* a set of companies that extract rents for little benefit, which extraction works a treat.

So, 1st order question is, what is this person meaning when using the term PKI?
@Steve_Lockstep @joerosato @csuwildcat Without understanding that, it’s unlikely you’ll make much headway because everyone will be talking at cross-purposes.

But even then when you’ve established what the term means in this context, you have to also deal with an insidious problem:

2nd order question:...
@Steve_Lockstep @joerosato @csuwildcat What is the chance that some other meaning of PKI will be imposed over you later on? By some other group that believes in their PKI?

This occurs typically with X.509, which has been pushed by a particular sector as the one and only PKI.
@Steve_Lockstep @joerosato @csuwildcat It comes in after the agreement phase, when you get to building and standards. Most of the tech out there, and all of the standards assume X.509-based CA style activity. So your techies, your suppliers, your browser manufacturers are already aligned with this way, and...
@Steve_Lockstep @joerosato @csuwildcat death by a thousand cuts to whosoever tries to bypass this.

This would be ok if it worked. But it doesn’t work. It only succeeds more or less in its very narrow claimed case. Anything else, it’s just not up to the job.

So let me ask - what did they mean by PKI?
@Steve_Lockstep @joerosato @csuwildcat Coming back to Microsoft - they’re generally ahead of the curve when it comes to Identity - see the 2000s and Stefan Brands, Kim Cameron’s 7 “laws” of identity.

But they’ve never been able to make it work, and the primary reasons is the normal one...
@Steve_Lockstep @joerosato @csuwildcat Identity is a human thing, and PKIs in all their forms are built by technologists, so they are tech-problem forcused. Doesn’t work.

Hence DIDs are basically an expression of Private/public key identifiers for people. Former part is “more important” than the latter.
@Steve_Lockstep @joerosato @csuwildcat Eg, self-sovereign is a reaction to privacy problems of big data. “I know, I’ll make everyone own their data! They will be sovereign.”

Also doesn’t work. None of these programmes will go anywhere until the techies stop being techies and start focussing on society and humans.

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with iang

iang Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @iang_fc

iang Profile picture
21 Oct
OK Twitter is censoring the original link to that article which is on a web site called strategic hyphen culture dot org.
Here is the response if the website strategic hyphen culture dot org is included in the Tweet:
Here’s the part I wanted to highlight, which is important!

💥 "The prize that America truly seeks is to seize for itself over the coming decades, all global standards in leading-edge technology, and to deny them to China.” 👈 👆
Read 5 tweets
iang Profile picture
17 Aug
A rant on the USA Election. If you’re uninterested you know what to do.

zerohedge.com/political/aoc-…

As we move closer to November, it’s somewhat non-controversial to say this USA election is the most divisive in living memory. I at least can’t recall one as divisive. 1/34
Reasons are obvious but I want to point out one reason that isn’t obvious, it’s the “NEVER TALK ABOUT…” rule.



zerohedge.com/political/fec-…

I’ve in the past alluded to this - the opening of Pandora’s box in the 2016 USA election. 2/34
Few have picked up on it, so to save some 150 million or so American voters some angst, it’s worth surfacing. Here’s the QUESTION:

Who’s hacking the USA election?

zerohedge.com/political/durh…
3/34
Read 34 tweets
iang Profile picture
9 Feb
This is a great research attack on a SWIFT-using payment institution (likely a British bank allowing the research to be conducted).

But I was struck by how the architectural flaw leapt out and screamed HIT ME HERE! 1/
Here’s the flaw: SAC is a flag that says signature verification and RMA (Relationship Management Application) authorisation and verification was successful.

Let me say that more clearly: SAC says verification is done. 2/ Image
The flaw is this: the SAC isn’t the authorisation - it’s a flag saying there was an auth. Which means, in short SWIFT messages do not carry any role-based authorisations.

They might be authorised, but it’s like they slapped a sticker on to say that.

Not good enough. 3/17
Read 19 tweets
iang Profile picture
1 Jan
Thoughts on momentum accounting financialcryptography.com/mt/archives/00…

I see a connection between Ijiri’s momentum accounting and cryptographic receipts, both called triple entry, so I'll try and draw it out. 1/10
Ijiri's third entry is a derivative of two successive accounting entries, making it like momentum in physics. Therefore, he suggests, we could in effect use this 'calculus' technique on accounting records to predict the future direction of activity. 2/10

warrenhenke.com/writing/essays…
altho everyone wants to know the future, I am not comfortable with the notion that you can measure momentum by doing a 'calculus' over accounting records. As his third entry is derivative information, I suspect that its conceptual value (use) is limited by fraud / deception. 3/10
Read 11 tweets
iang Profile picture
15 Oct 18
10 years ago I annoyed the entire crypto-supply industry:

Hypothesis #1 -- The One True Cipher Suite

iang.org/ssl/h1_the_one… 1/7
The One True Cipher Suite was born of watching projects and groups wallow in the mire of complexity, as doubt caused teams to add multiple algorithms- a complexity that easily doubled the cost of the protocol with consequent knock-on effects & costs 2/7
The One True Cipher Suite was widely ridiculed in crypto and standards circles. Developers and standards groups like the IETF just could not let go of crypto agility. This sacred cow led the TLS group to field something like 200 standard suites 3/7
Read 7 tweets
iang Profile picture
3 Apr 18
David Chaum: imagine 35 and a half years ago...
The NSA was trying to block all public research in cryptography. This was disturbing to graduate students in Berkeley, the home of free speech.
...in the front row were all the NSA people, only listing addresses as Maryland.

"By paying $100 to come to this conference you have become a member of the International Association for Cryptological Research."
Read 8 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get email notifications when new thread is out from this Author!

Check out other threads from this Author!

Read all threads by @iang_fc