|
Trust no one or TNO, is an approach towards internet and software security issues. In all internet communication and software packages where some sort of secrecy is needed, usually some sort of encryption is applied. The Trust No One approach teaches that no one (but yourself) should be trusted when it comes to the storage of the keys behind the applied encryption technology. Many encryption technologies rely on the trust of an external party. For instance the security of secure end-to-end SSL connections relies on the trust of a certificate authority (CA). The Trust No One design philosophy requires that the keys for encryption should always be, and stay, in the hands of the user that applies them. This implies that no external party can access the encrypted data (assumed that the encryption is strong enough). It also implies that an external party cannot provide a backup mechanism for password recovery. Although the philosophy of Trust No One at least assures the reliability of the communication of the user that creates it, in real life and in society many communication means rely on a trust relationship between at least two parties. == External links == * Bruce Schneier on (Trust No One ) * (Blogpost by Dan Blum on Trust No One ) * (Article by Ted Samson on Trust No One philosophy ) * (Transcript of a podcast by Steve Gibson (computer programmer) mentioning "Trust No One" ) 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Trust no one (internet security)」の詳細全文を読む スポンサード リンク
|