RE: Security Re: Caching Servers Considered Harmful

Fisher Mark (FisherM@is3.indy.tce.com)
Tue, 23 Aug 94 08:24:00 PDT


Phillip Hallam-Baker writes in <9408231005.AA10872@dxal18.cern.ch>:
>The Shen proposal includes a tag Prohibit: Which may be used to forbid the
>caching, copying or whatever of a document. This is orthogonal to any other
>protection provided (eg encryption). As well as the cache problem there is
>also the printing/saving problem. Why bother to complain about the cache
>if a user can always save the page? Disabling of such facilities and of
>Windows cut'n paste should be mandated by a Prohibit: Copy tag. Printing
>may be considered orthogonal, I may allow a user to print a single copy of
>a document but not wish it to be saved on disk.

In my experience (which includes maintaining copy-protection code back in
the "floppy-disk days" of PCs), once data is in "user space" you have
already lost the battle. You can make it arbitrarily hard for people to
copy the data; but if they can read the data in some fashion, it can be
decoded to plain text. The hardest cryptographic/coding technology to crack
is the one-time pad, which raises the barrier considerably by using a
different code for each message. It is also such an awful pain to create
and maintain one-time pads that they are only used for absolute top-level
classified information (the "burn before reading" stuff).

To make a long story short (too late! :)), the only security that can really
work is security in the OS, where it is assisted by the hardware. If you
can't read the data, it makes it very hard to decrypt/decode it...
======================================================================
Mark Fisher Thomson Consumer Electronics
fisherm@indy.tce.com Indianapolis, IN

"Just as you should not underestimate the bandwidth of a station wagon
traveling 65 mph filled with 8mm tapes, you should not overestimate
the bandwidth of FTP by mail."