On Tue, May 30, 2006 at 01:40:39PM -0400, Joe Smith wrote:
> Is this really a bad thing? He proved that KSP are bad for the web of trust.
> A legitimate attacker could abuse the KSP just as easily as Martin, but
> would result in actual damage, and would most likely not have been caught.

Ask yourself: is it a good thing to covertly attack X? Is it good to then publish the results [1] claiming^Wboasting that you have broken X? Do you really need to be proven that X can be broken?

Now change X to "KSP" or "Web server of company Y" or "(your country's) national security servers". What are your answers?

In the place I work at, attacks are only done either in your head (that's what attack trees [0] and risk analysis are for) or with the keyboard (or phone) after whoever is in charge of X has asked for, acknowledged and *approved* the attack. Why? Because given enough resources (money, time, you name it) most attacks will succeed against X. So the question is not *if* you can break X but *when* and *how* you can break it. The attack is introduced to see if there could be changes implemented to make it more difficult for a wannabe attacker or to detect an ongoing attack and, consequently, minimise the risk.

We are not talking about national security or public safety here; if Martin wanted to prove that attacks against KSPs can happen he could have managed his attack in an open way (as Manoj said, "contact management and get their approval") and then used that to enlighten us all.

What he did is wrong (and dishonest), even if the end result is "good": these long threads, knowledgeable people discussing the effectiveness of KSPs and non-knowledgeable people getting a clue. You might think that "the ends justify the means" [2]; I don't.

Regards

Javier

[0] http://www.schneier.com/paper-attacktrees-ddj-ft.html
[1] I will call it "publish" even if it was done in a rather obscure way. Not all developers are required to read Martin's blog, they are only required to read d-devel-announce.
[2] Google found this Wired article for me, which is nice: http://www.wired.com/news/politics/0,1283,58082,00.html