Authority vs. The Web of Trust

Almost every security system on the Internet has at its core an element of trust. When you point your browser to Bank of Money, how do you know you’re talking to the real Bank of Money and not some impostor? Once you’re certain that the machine on the other end is genuine, your browser can set up a secure connection and keep others from listening in. But that first step, when they have to prove they are who they claim to be, is a problem.

The way Bank of Money proves their identity is by passing to you a special encrypted file that says who they are. But how do you know that certificate file is genuine? Because someone else made the file and they can verify that it’s legit. That “someone else” is a Certificate Authority, and your browser is trained to trust a handful of these companies implicitly. You might have heard of VeriSign, for instance. Bank of Money can go to VeriSign, provide information (and money), and after VeriSign carefully screens the application to make sure it’s really coming from Bank of Money, issues them a certificate.

When you connect to Bank of Money, your browser goes, “oh, hey, VeriSign says this certificate is the real thing,” and you’re good to go.

Unless, of course, the Certificate Authority is controlled by an evil government. Or if a CA gets hacked. Or if a CA is just sloppy. And the crazy thing? If any one of the Certificate Authorities trusted by your browser is compromised, you can’t trust any connection, no matter where the original legitimate certificate came from.

And, well, that has happened. The two cases I know about seem to have been aimed at Iranian dissidents, but it is no exaggeration to say that all of e-commerce depends on the integrity of the Certificate Authorities. That integrity has proven to be shaky lately. Each CA is a separate point of catastrophic failure for e-commerce.

And the pain goes both ways. Let’s say for a moment that Bank of Money got their certificate from DigiNotar. DigiNotar got hacked, wasn’t forthcoming, and lost their ‘automatic trust’ status in most browsers (which is a reason to accept all those annoying browser updates – they might be quietly blacklisting known fraudulent certificates). Even though Bank of Money did nothing wrong, now none of their customers can make a secure connection. The browsers don’t trust their DigiNotar certificate anymore. For good reason. They lose, you lose, I lose.

Is there an alternative to Certificate Authorities? Practically speaking, probably not. But there is another way to establish the legitimacy of Bank of Money’s certificate. If someone you know personally and trust says that BofM’s certificate is valid, then you can choose to trust it, too. Once you decide it’s legit, and confirm it for yourself, you can put your own stamp on it, and then people who trust you can feel confident as well. It’s not about some central authority, it’s about people you know and trust.

If some bogus entity tries to jump in with their own certificate, it won’t have the endorsement of you or your pals on it. You won’t be fooled, and neither will anyone else.

This model is called the Web of Trust. A certificate is only as good as the collection of endorsements it has built up. Bogus certificates (theoretically) have a much more difficult time taking hold. If I was an Iranian dissident, for example, I’d be very, very conservative about which certificates I accepted and endorsed. There’s a pretty good chance that people died as a result of DigiNotar being hacked. The major browsers accepted the false certificates without blinking, and the government read everything the dissidents said.

Bank of Money would love an alternate system that didn’t cost them a lot of money, and protected them from blacklisting because someone else messed up. The problem, if you’re an institution like that, is getting started. You can’t just wait for your certificate to gain acceptance organically before your Web portal becomes useful. To get going quickly you need one powerful, trusted person to vouch for your certificate, someone everyone else will believe. That’s what a Certificate Authority is, and they’re built into your browser, so that you have to go out of your way not to believe them.

Yet, if the Web of Trust were well-developed, new certificates would spread very quickly. If we all had three or four people we trusted, and a bunch more we sort-of trusted (so that if several of them said a certificate was legit, we’d be OK with it), then BofM’s certificate would percolate through the WoT pretty quickly.

But what if none of your trusted people used Bank of Money, so never endorsed its certificate? You can extend your search for endorsement further, and decide for yourself how comfortable you are. This is where a centralized Certificate Authority can come in β€” you can choose to accept their endorsement if your personal Web of Trust doesn’t cover that certificate. It’s entirely up to you. Not like now.

And, sure, at first people would get fooled. There will be people who endorse certificates lazily. There will be fake people created just to endorse certificates. Iranian dissidents will not be fooled, however. When something inevitably goes wrong, the sloppy people will no longer be trusted, and will learn not to trust people they don’t know. Speaking personally, I already know who my trusted folk would be β€” I have friends who would take responsibility for their endorsements very seriously, both out of pride and a sense of social responsibility. Shit, I can think of five without even breaking a sweat, and that’s plenty. You know a couple of people like that, too. Ask yourself: Would you rather trust them or a big company in it for the money and subject to political fiat?

This might be the definition of ‘neighbor’ for the information age.

So, people of planet Earth, we have a chicken-and-egg problem. Bank of Money isn’t going to depend on a Web of Trust that doesn’t exist yet. Most of their customers aren’t going to bother building the WoT, because none of the institutions they interact with use it. I talk about the Web of Trust, but I haven’t done much about it myself. We need a catalyst. I just hope it’s not the collapse of the Certificate Authority system, and the disruption that would cause.

I’ll talk more about how we can all work together to build the Web of Trust in a later episode. The takeaway today: We need it. Prepare to do something about it. It won’t be as simple as it ought β€” something I plan to bring up at work.

A New Toy

When I got home from work today, I was beat. Plum tuckered out. I came in, hugged my sweetie, and plopped in front of the computer. Then she told me about the package in the living room. Suddenly I had a new burst of energy, and I spent the evening photographing stuff around the apartment. Anything that would hold still, really.

You see, there’s a camera lens I’ve been looking at for a long time. Sometimes I’ll even look in on eBay to see if one is going for less than usual. Last week, I found one at a good starting price. No one had bid. It was a few hours before the auction ended, but for stuff like that all the action happens in the closing seconds. Still, I set an alarm for a couple of minutes before the auction ended. If I wasn’t busy doing something else, I’d look back in and watch the action.

No one had bid. Time was winding down and no one at all had bid on the lens. It was more than I could afford, more than I had any business spending. The seconds ticked down in red digits. An appeal to my sweetie followed, hoping for reason but dreading reason far more. My finger was on the button, ready to pounce.

I bid. I won. I have a new lens. It’s awesome.

A little camera geekery: photography is filled with numbers, and this lens has one eye-popper: f/1.2. The smaller the number, the ‘faster’ the lens – the more light it gathers in a given period of time. 1.2 is a very small number, meaning this lens can open way up and take in a lot of light. That in turn means it works very well in low-light situations. That can be really handy when it’s not practical to lug lights to where the action is. There’s another side effect of this gaping aperture, and that is that the depth of focus can be very, very shallow.

Depth of Focus is a little tough to explain because we don’t experience it with our eyes – they are constantly refocusing on whatever we’re interested in at the moment. But the concept is really simple. When things are too close to the lens, they go out of focus. Too far, out of focus. Then there’s a middle range where the picture is sharp. With some lenses that middle range is so huge that pretty much everything is in focus, unless it’s really close. That’s a good quality on an instamatic with fixed focus. The lens trades off in other ways to get that effect, but for taking pictures at the beach it works pretty well.

My new lens is at the other end of the spectrum. Consider these two pictures I took while sitting a few feet back from my desk (you can click to see them larger):

my mug, focused on the front of the rim

my mug, focused on the front of the rim

my mug, focused on the back of the rim

Even from a few feet away, the depth of focus is maybe three inches. Those candles are about four inches behind the mug.

Why would anyone want a lens with such a restriction? Holy carp, it can be pretty tricky to get the focus just right when there’s so little room for error. You could seriously get one of your subject’s eyes in perfect focus, but not the other.

But look how the mug is not lost in the clutter of my desk. Those are pictures of my mug, and nothing else gets in the way. I have pictures of rock stacks on rocky backgrounds, and headstones in a cluttered graveyard that could really have benefitted from this technique. When things are similar color or texture as the background, focus can make all the difference.

My sweetie was laughing at me as I drifted around our apartment, which is currently in a state upheaval for our move, taking pictures of this and that. I wanted something sparkly. I found it in the living room, where this teddy bear also lurked.

My first portrait subject with my new 85mm lens.


It’s not just that things are out of focus, it’s that they’re beautifully out of focus. Note how deliciously soft the candles are behind my mug. In this shot, I had to choose what point on the bear’s face I wanted to focus on – note that the closer ear is in the soft-focus zone.

Why did I want sparklies? It’s a good way to show the bokeh, or the characteristic of the way the lens blurs the image. My new lens is carefully built to provide smooth, circular bokeh. This is a function of the way the aperture control works – the dots are actually projections of the iris mechanism inside the lens. Often they are hexagonal or another geometric, unnatural shape. It’s most obvious for the sparkles, but it affects the rest of the shot more subtly as well.

I’m sure that somewhere in my great heap o’ pictures I have some that demonstrate other bokeh, but I’m not sure where. I could go digging, but tonight is about the new lens.

The new, awesome lens.

2