The Key that Unlocks Esperanto
As any student or traveler can attest, learning a new language is hard. How about making one up?
Esperanto will take over Lille, France this summer. Esperanto will be the backbone of discussions, debates and entertainment at this event in the north of France, a place quite prideful of its own language. The linguistic oddity that is Esperanto was one person’s vision in the 1880s of a unifying, global language. It has survived world wars, mistrust and the era of “OMG”. Unlike the languages bubbling out of “Star Wars” or “Lord of the Rings”, it’s not propelled by an entertainment component. Esperanto is also spoken by a relatively small number of folks.
I was drawn to reading up on Esperanto from my unabashedly nerdy love of code and programming languages. (The broad appeal of code has teachers pushing for students to “speak” in terms of hardware and software as a language education imperative.) In an industry plagued by made up norms and half-baked standardization, the security side of coding and programming shouldn’t lose sight of its intentions in creating a computerized parallel to Esperanto.
In encryption key management, a “language” I feel fairly fluent in, I fear that for many users we’ve replaced flow and communicative elements with a whole bunch of ways to swear and confuse. There is an inherent problem with mass, single instances in the security field when it comes to encryption keys. To get around that, we create multiple, obscured copies of keys to encrypt and decrypt information that needs to be secured. That is starting to add up to a lot of keys for some businesses – and a lot of stress. In looking at how businesses in the U.K. were handling the avalanche of keys, Techworld wrote: “once the bedrock of security, keys and certificates now elicit anxiety. This is perhaps not surprising given the growing number of attacks in which they have been compromised or undermined in a more general way by vulnerabilities such as last year’s Heartbleed. The average U.K. organization in the survey tended 25,500 keys and certificates, with 4 percent of IT staff saying they had no idea where all of this was kept.”
When a key becomes easy to use, it sometimes becomes too easy, opening up security gaps like those exposed recently with one RSA key. When it’s too hard you get things like a product we recently saw advertised that touted so many keys that it comes with a feature for a key manager manager. Or, more likely, end users and knowledge workers avoiding encryption whenever possible, including when it’s necessary.
As much as people fret and flaunt the encryption side of security, it’s the keys which make that function intelligent. Tilt the equation in either direction and you’ll nullify the reason your company is using encryption in the first place. Right now, we’re coming across a lot of businesses big and medium-sized going the route of the Key Management Interoperability Protocol, or KMIP. It’s not a perfect communications standard, but it at least allows for secured options within encryption practices. Languages that thrive tend to create new ways to share without removing the backbone of communication. How many slang terms do we use in mainstream discussions?
While subtle, our key management dialect could benefit from strengthening what works and easing on the standardization of faulty or abused methods. And you know what they say: you can’t encrypt in Esperanto. At least I think that’s what they say. My Esperanto is rusty.
Can encryption key management learn something from the seldom spoken language of Esperanto? (Esperanto flag image courtesy of Wikipedia.)