Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
TeMPOraL 6 days ago

"Solve things" or actually do something useful, pick one.

If anything, maybe the security community can finally be arsed to consider ad-hoc delegation of authority as a core concept and a basic use case, because that's arguably the primary source of persistent user-level security issues in computing.

In real life, it's absolutely normal to ask random people on the fly to do something in your name, with your credentials - whether that's sending your kid with your credit card for a grocery run, asking spouse to do some bank transfers for you or set up a new computer for you, or asking a co-worker to operate some system. It's the other reason people write passwords on post-its: even without bullshit password strength rules (see xkcd://936), there's still a frequent need to share passwords with people.

Meanwhile, for the past decades, security community has been insisting on tying authority to individuals, and doing everything possible both technologically and socially to prevent authority delegation (except in top tier corporate systems, where this is technically supported, but in such convoluted, complex and broken ways that it may as well not exist - people will still resort to post-its in drawers).

Until this basic concept is recognized, I fear more broad security improvements will only result in more useful work being prevented from happening, and more people-years wasted as users figure out ways to defeat security measures so they can do their actual jobs.

mikewarot 6 days ago | parent | next [-]

In the 1970s my Mom would give me a $20 capability token to exchange in a store for cigarettes, in her name, while she waited withy sisters in the car. I was about 15 at the time, and it was a normal part of life. She never gave me a signed blank check.

Giving $20 to an AI is far safer than giving it your credit card. The effects are limited to $20 of loss.

TeMPOraL 5 days ago | parent [-]

Right. But there's almost no software that supports the equivalent of limited capability tokens, much less casually handing them around. In contrast, in real life, it's a common use case, and we don't usually even bother with capability limits, because it's too much hassle - we rely on trust (part of which is persistent relationship that continues beyond current interaction) + spatial proximity and temporal limits.

I.e. even if your mom handed you her credit card, she was still there in a car nearby (spatial proximity), and was waiting for you there (temporal limit), and she was your mom (persistent trust-based relationship), which is sufficient protection from the risk of you running away and spending her money on hookers.

(How you managed to buy cigarettes as a 15yo is beyond me - or maybe there were no age checks in 1970s yet?)

Coming back: in real life, we don't bother with restricting the access tool, everyone is transiently giving much more access than they need to random things, and expect them to not abuse it. Meanwhile, cybersecurity is mostly stuck in the mindset of passwords being your identity, and being like underwear (change frequently, don't share), and the concept of delegation of authority doesn't exist beyond some enterprise systems. Which is why, in real world, everyone says "fuck it" and just shares passwords as needed.

Melatonic 6 days ago | parent | prev [-]

Are those really things people do all the time ? Not sure I would trust any kid with my credit card

TeMPOraL 6 days ago | parent | next [-]

I didn't say any kid, but rather one's own kid - whether they can or cannot be trusted is mostly a parenting issue, so different people have different experiences.

But yes, me and my siblings would often do grocery runs for our mom, with her card in hands, and I also think nothing of handing my own card to my wife (who already knows the PIN), or mine or her siblings, or even some acquaintances, because I trust them.

The larger point (even larger than my previous comment) is that, contrary to what cybersecurity (and especially cryptocurrency aficionados) community believes, the real world runs on trust. Trust is not a bug, it's a feature - an optimization that makes societies and civilizations scale. Trust has its own limits and structural complexities, it has its ebbs and flows, but it's absolutely vital and systems that do not support it (or try to eliminate it) simply gets worked around. Not out of spite, but out of necessity - otherwise nothing would ever get done.

6 days ago | parent | prev [-]
[deleted]