Re: Trust in information security -- How much is appropriate?



On 2010-12-17, Greg Rose <ggr@xxxxxxxxxxxxx> wrote:
In article <iee4e9$qll$02$1@xxxxxxxxxxxxxxxxx>,
Mok-Kong Shen <mok-kong.shen@xxxxxxxxxxx> wrote:
Ken Thompson's paper "Reflections on trusting trust" is probably
well-known to most people. (http://cm.bell-labs.com/who/ken/trust.html)
Whether his sentence "You can't trust code that you did not totally
create yourself" is exaggerated presumably is open to differences
of opinions. (I personally would at least trust a code that has been
and can be repeatedly proved to be correct by program verifications.)

Then you didn't understand his talk.

Agreed. However, his talk was in many ways silly. Could one alter a
compiler as he says-- probably, but without some great advances in AI
I have quite a lot of faith that that compiler could not keep up with
changes in the program, or rewriting of the program. Especially when he
wrote it, the contention that software in the compiler could recognize
any encryption program or rewriting thereof was just silly.

Also, trust is not a binary attribute. There are degrees of trust. If
you only did things in which you had complete trust, you would either
never do anything, or would do everything.






Greg.

.