I know that I’m not very good at keeping secrets. Unfortunately, I also have yet to meet anyone who can tell me a convincing story about how they protect their secrets. As a result, I’ve begun to think that the problem might be hard. This essay is my attempt to understand why this problem is hard and what we might do about it despite its hardness.
These properties are well-known and are reproduced here mainly as an aid to my over-committed memory:
Security principals are usefully defined as entities that can keep secrets (citation needed!) because this is definition provides a good base on which to the question: “how can principal A convince me that xe is not principal B?” (with the answer being: “…by proving to me that xe knows a secret that I know1 that only A knows.”)
economics, safety constraints, common-mode failures, system accidents, adversaries, …
Note: I need to find some more precise words than “know”, “convince”, and “xe” above…↩︎