next up previous
Next: Are shared infrastructures workable? Up: Trade and Industry Issues Previous: Implications for the legal

General lessons for professional practice

Had this been done, then I believe it would have become quite obvious that trust structures outside of central government are not simple hierarchies. People have multiple professional, commercial and personal trust relationships, which can interact in extremely complex ways. These interactions have not been seriously studied yet by the security engineering community, yet an understanding of them will be essential to building effective and resilient systems.

In the meantime, the best course of action open to system builders is to provide the most general and flexible trust mechanisms available. The government programme to escrow all keys with a small number of central escrow agents is pushing in exactly the opposite direction, and for an obvious reason: if there are many centres of trust (as there are at present in the paper world) then inevitably some of these will be corrupt and will attract business as a result of this. Mafia-influenced law firms spring to mind.

But infrastructure corruption is a fundamental problem of human society and it is foolish for governments to believe that a technical `fix' is available. In particular, the current attempts to solve it by centralising trust will fail, as they swim against the technological tide; but in the meantime they promise to be a considerable hindrance to realising the benefits promised by the information revolution. They will also be completely unacceptable to the professions once their implications are understood.

Ross Anderson
Tue Oct 21 11:00:05 BST 1997