Trust no one (Internet security)
Trust no one (TNO) is an approach to Internet and software security. Wherever Internet communication or a software package needs some sort of secrecy, some sort of encryption is usually applied. The trust no one approach teaches that no one but oneself should be trusted with the storage of the keys behind that encryption.
Many encryption technologies rely on trust in an external party. For instance, the security of secure end-to-end SSL connections relies on trust in a certificate authority (CA).
The trust no one design philosophy requires that the encryption keys always be, and stay, in the hands of the user who applies them. This implies that no external party can access the encrypted data (assuming that the encryption is strong enough). It also implies that an external party cannot provide a backup mechanism for password recovery.
Although the trust no one philosophy at least assures the reliability of the communication of the user who creates it, in real life and in society many means of communication rely on a trust relationship between at least two parties.
External links
- Bruce Schneier on Trust No One
- Blog post by Dan Blum on Trust No One
- Article by Ted Samson on Trust No One philosophy
- Transcript of a podcast by Steve Gibson (computer programmer) mentioning "Trust No One"