
    656 points EthanHeilman | 11 comments
    1. KarlKemp ◴[] No.30103958[source]
    I’m somewhat unhappy the “zero trust” terminology has caught on. The technology is fine, but trust is an essential concept in many parts of life[0], and positioning it as something to be avoided or abolished will just further erode the relationships that define a peaceful and civil society.

    0: trade only works if the sum of your trust in the legal system, intermediates, and counterparts reaches some threshold. The same is true of any interaction where the payoff is not immediate and assured, from taxes to marriage and friendship, and, no, it is not possible to eliminate it, nor would that be a society you’d want to live in. The only systems that do not rely on some trust that the other person isn’t going to kill them are maximum-security prisons and the US president’s security bubble. Both are asymmetric and still require trust in some people, just not all.

    replies(7): >>30104178 #>>30104430 #>>30105899 #>>30106409 #>>30106727 #>>30106920 #>>30108257 #
    2. kstrauser ◴[] No.30104178[source]
    The "trust" here largely refers to identity. Do you trust that everyone in your house is your relative, by virtue of the fact that they're in your house? That falls down when you have a burglar. Similarly, is it good to trust that everyone on your corporate network is an employee, and therefore should have employee-level access to all the resources on that network? I wouldn't recommend it.
    replies(1): >>30105036 #
    3. coffeefirst ◴[] No.30104430[source]
    Yeah, it's a terrible name. "Zero Assumptions" or similar might be more clear.

    Words matter. If nothing else, laypersons hear these terms and shape their understanding assuming based on what it sounds like.

    4. KarlKemp ◴[] No.30105036[source]
    No, but I trust the people I regularly interact with and therefore allow them to be in my home. Nobody trusts people just because they happen to be in their home. To the extent that trust can go to “zero”, my fear is it will harm the (existing) first form of trust, which is vital, and have little impact on the stupid latter definition of trust.

    I know tech operates on different definitions/circumstances here. That’s why the word “zero” is so wrong here, because it seems to go out of its way to make the claim that less trust is always better.

    Call it “zero misplaced trust” or “my database doesn’t want your lolly”, whatever.

    replies(1): >>30110404 #
    5. krb686 ◴[] No.30105899[source]
    Couldn't agree more on this being bad terminology. Something is always implicitly trusted. Whether it's your root CA certificates, your Infineon TPM, the Intel hardware in your box, or something else. When I first saw this term pop up I thought it meant something completely different than it does, I guess because of the domain I work in.
    6. userbinator ◴[] No.30106409[source]
    nor would that be a society you’d want to live in.

    100% agreed. My first thought upon seeing the title of the article was "and we trust that you did read it?"

    The term "zero trust" certainly has a very dystopian connotation to me. It reminds me of things like 1984.

    replies(1): >>30108659 #
    7. judge2020 ◴[] No.30106727[source]
    The terminology stems from "zero trusting" the network you're in - just because someone can talk to a system doesn't mean they should be able to do anything; the user (via their user agent) should be forced to prove who they say they are before you trust them and before anything can be carried out.
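    The distinction kstrauser and judge2020 draw above (being able to reach a system is not the same as having proven who you are) can be made concrete with a small policy comparison. The block below is an added example, not code from this thread or from any project discussed in it; the signing key, the 10.0.0.0/8 "internal" range, the role table and the request shapes are all constructed for illustration.

```python
import base64
import hashlib
import hmac
import ipaddress
import json
from dataclasses import dataclass
from typing import Optional

# Constructed values for the example only. A real deployment would get
# identity from an identity provider with short-lived tokens and keep the
# signing key outside the code.
INTERNAL_NETWORK = ipaddress.ip_network("10.0.0.0/8")
TOKEN_KEY = b"example-signing-key-not-for-real-use"

# Hypothetical authorization table: which roles may reach which resource.
RESOURCE_ROLES = {
    "/wiki": {"employee", "admin"},
    "/payroll": {"admin"},
}


@dataclass
class Request:
    source_ip: str
    resource: str
    token: Optional[str] = None  # absent when the caller presents no credential


def issue_token(subject: str, role: str) -> str:
    """Mint a minimal HMAC-signed token of the form payload.signature."""
    payload = base64.urlsafe_b64encode(
        json.dumps({"sub": subject, "role": role}).encode()).decode()
    sig = hmac.new(TOKEN_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"


def verify_token(token: Optional[str]) -> Optional[dict]:
    """Return the claims if the signature checks out, otherwise None."""
    if not token or "." not in token:
        return None
    payload, sig = token.rsplit(".", 1)
    expected = hmac.new(TOKEN_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    return json.loads(base64.urlsafe_b64decode(payload))


def perimeter_policy(req: Request) -> bool:
    """The 'trust the network' model: anything inside the LAN is allowed."""
    return ipaddress.ip_address(req.source_ip) in INTERNAL_NETWORK


def zero_trust_policy(req: Request) -> bool:
    """Identity is proven on every request and the source network is ignored;
    access is then limited to what the proven role is entitled to."""
    claims = verify_token(req.token)
    if claims is None:
        return False
    return claims.get("role") in RESOURCE_ROLES.get(req.resource, set())


def compare_policies() -> dict:
    """Run both policies over constructed scenarios; returns
    {name: (perimeter_decision, zero_trust_decision)}."""
    employee = issue_token("alice", "employee")
    admin = issue_token("bob", "admin")
    # A forged claim: the admin payload paired with the employee signature.
    forged = issue_token("alice", "admin").split(".")[0] + "." + employee.split(".")[1]
    scenarios = {
        "lan_device_no_credential": Request("10.1.2.3", "/wiki"),
        "remote_employee": Request("203.0.113.7", "/wiki", employee),
        "employee_reaching_payroll": Request("10.1.2.3", "/payroll", employee),
        "admin_reaching_payroll": Request("203.0.113.7", "/payroll", admin),
        "forged_role_claim": Request("10.1.2.3", "/wiki", forged),
    }
    return {name: (perimeter_policy(r), zero_trust_policy(r))
            for name, r in scenarios.items()}


if __name__ == "__main__":
    for name, (perimeter, zero_trust) in compare_policies().items():
        print(f"{name:28s} perimeter={perimeter!s:5s} zero_trust={zero_trust}")
```

    The two policies disagree on every scenario: the perimeter model waves through an uncredentialed device on the LAN and a forged token, while rejecting a legitimate employee connecting from outside; the per-request model does the opposite, and additionally refuses the employee's access to /payroll even from inside the network, which is the least-privilege half of the idea.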
    8. rodgerd ◴[] No.30106920[source]
    "Zero assumption" would have been a better phrase, but that horse is not just out of the stable, he's met a nice lady horse and is raising a family of foals and grand-foals.
    9. EthanHeilman ◴[] No.30108257[source]
    Minimizing trust should always be a goal of a security system. If you can minimize trust without harming usability, compatibility, capability, security, cost, etc... you should do it.

    When we talk about trust we often mean different things:

    * In cryptography and security, by "trust" we mean a party or subsystem that, if it fails or is compromised, may cause the system to fail. I need to trust that my local city is not putting lead in the drinking water. If someone could design plumbing that removed lead from water and cost the same to install as regular pipes, then cities should install those pipes to reduce the costs of a trust failure.

    * In other settings when we talk about trust we are often talking about trust-worthiness. My local city is trustworthy so I can drink the tap water without fear of lead poisoning.

    As a society we should both increase trustworthiness and reduce trust assumptions. Doing both of these will increase societal trust. I trust my city isn't putting lead in the drinking water because they are trustworthy but also because some independent agency tests the drinking water for lead. To build societal trust, verify.

    10. quinnjh ◴[] No.30108659[source]
    No connection really, but made me think of Biden's tweet: @POTUS 8h In 2021, we had the fastest economic growth since 1984. The Biden economic plan is working, folks.
    11. agar ◴[] No.30110404[source]
    I see this as the exact point of the Zero Trust terminology.

    People extend your exact trust assertions to their networks, and bad actors exploit it to effect a compromise. A corporate network cannot be like your home. Zero Trust says that you should assume anything, and anyone, can be exploited - so secure appropriately.

    Per your analogy, what would you do if your invited houseguests, unbeknownst even to themselves, wore a camera for reconnaissance by a 3rd party? What would you do if these cameras were so easy to hide that anyone, at any time, might be wearing one and you couldn't know?

    You would have to assume that anyone that entered your home had a camera on them. You would give them no more access than the bare minimum needed to do whatever they were there to do (whether eat dinner or fix your sink). You'd identify them, track their movement, and keep records.

    Your term, "Zero misplaced trust," assumes that you can identify where to place trust. Did you trust that system you had validated and scanned for 5 years...until Log4shell was discovered? Did you trust the 20-year veteran researcher before they plugged in a USB without knowing their kid borrowed it and infected it?

    Zero Trust is a response to the failure of "trust but verify."