Trust no one (Internet security)
This article does not cite any external source. HandWiki requires at least one external source. See citing external sources. (July 2016) (Learn how and when to remove this template message) |
Trust no one (TNO) is an approach towards Internet and software security issues. In all Internet communication and software packages where some sort of secrecy is needed, usually some sort of encryption is applied. The trust no one approach teaches that no one (but oneself) should be trusted when it comes to the storage of the keys behind the applied encryption technology.
Many encryption technologies rely on the trust of an external party. For instance the security of secure end-to-end SSL connections relies on the trust of a certificate authority (CA).
The trust no one design philosophy requires that the keys for encryption should always be, and stay, in the hands of the user that applies them. This implies that no external party can access the encrypted data (assumed that the encryption is strong enough). It also implies that an external party cannot provide a backup mechanism for password recovery.
Although the philosophy of trust no one at least assures the reliability of the communication of the user that creates it, in real life and in society many communication means rely on a trust relationship between at least two parties.
This article does not cite any external source. HandWiki requires at least one external source. See citing external sources. (2021) (Learn how and when to remove this template message) |
Original source: https://en.wikipedia.org/wiki/Trust no one (Internet security).
Read more |