From: fc@all.net (Dr. Frederick B. Cohen)
To: cypherpunks@toad.com
Message Hash: cde1f2f973eb374aca158cbd799ecdf77ef9ccb75ed5ca73cbfbd6c91f0b47c1
Message ID: <9511020130.AA17317@all.net>
Reply To: <199511011907.OAA16631@opine.cs.umass.edu>
UTC Datetime: 1995-11-02 02:38:22 UTC
Raw Date: Thu, 2 Nov 1995 10:38:22 +0800
From: fc@all.net (Dr. Frederick B. Cohen)
Date: Thu, 2 Nov 1995 10:38:22 +0800
To: cypherpunks@toad.com
Subject: Re: [FRED] Anonymity and Integrity
In-Reply-To: <199511011907.OAA16631@opine.cs.umass.edu>
Message-ID: <9511020130.AA17317@all.net>
MIME-Version: 1.0
Content-Type: text
> My turn to rise to the bait...
>
> Dr. Frederick B. Cohen writes:
> > I have been thinking about the issues of anonymity for some time, and I
> > have been convinced for some time that you can't have both integrity and
> > anonymity.
>
> What's your working definition of "integrity" in this context ?
Integrity:= 1) Steadfast adherence to a strict moral and ethical code.
2) A state of being unimpaired; soundness.
3) The quality or condition of being whole or undivided; soundness
Also) soundness, completeness,
Alternatively:
1) Strict personal honesty and independence...
2) Completeness; unity...
3) The state of being unimpaired; soundness...''
In this context, I might be misinterpreted as having meant that it is
impossible to have both integrity and anonymity. That is not what I
meant, although it is probably also true in a very strict sense.
To clarify, I don't think you can assure integrity when you have anonymity.
This follows from my earlier writings (circa 1984-89), which are fairly
extensive, and in which I made the only marginally supported claim that
you can't have (i.e., assure) both integrity and secrecy in a system
with sharing. This came originally from the result that integrity +
secrecy = no sharing (ala the combination of Biba and Bell-LaPadula)
which was extended into a POset which characterizes the extent to which
integrity and secrecy can be maintained based on transitive information
flow.
The less mathematical reasoning is that in order to be able to verify
integrity, you have to be able to examine the information that is
secret, while having secrecy requires that you not be able to have
independent verification. Thus the two limit each other.
Anonymity, in this copntext, can be thought of as secrecy.
--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236
Return to November 1995
Return to “shields@tembel.org (Michael Shields)”