Monday, October 1, 2007

The No Tricks Blog Name


When I was in grad school, some time ago, my office mate showed me a cartoon of two businessmen - one American and one Japanese. The American was big and fleshy with a cigar, while the Japanese businessman was slender, stylish and alert. The American basically asked "Why are you guys doing so much better than us?". The Japanese businessman is shown extending his fingers and counting off as he says "Your managers are greedy, your workers are lazy, and ...". But before he can finish even just the most obvious reasons, the American interrupts impatiently and says "I know, I know! But what's the trick?"

Marcus Ranum expressed a similar sentiment during a recent interview when he said that IT people will practically do anything to make their network secure except design it correctly. He compared this perverseness to people who will do anything to lose weight except diet and excercise. What's the trick? No tricks.

And last month, John Pescatore of Gartner reiterated his Security 3.0 position that prevention is better than cure, and that we should have a strategy for fixing bugs at source. I take his recommendation, which could easily be made 10 or 15 years ago, as a statement that security professionals need to return to the basics. This will not be particularly useful news for "what's-the-trick?" IT managers, but by now even they must realise that their hats are rabbitless and that their sleeves are aceless. What's the trick? No tricks.

Saturday, September 29, 2007

Entrust PKI v5 Overview



A few years ago now I was working quite intensely in PKI, in particular with the Entrust PKI product suite. The team was having some conceptual difficulties in following the intricacies of PKI and their deployment in Entrust v5 so I wrote an overview document. The paper contains quite a few diagrams and protocol flows, which can help to understand how the product functioned in v5. I had hoped to be given something like this when I attended the formal Entrust training.