Trust No One

Overview

Trust No One (TNO) is an approach towards Internet and software security issues.

Wherever Internet communication or software needs some sort of secrecy, some form of encryption is usually applied. The Trust No One approach holds that no one but oneself should be trusted with the storage of the keys behind that encryption.

Many encryption technologies rely on trust in an external third party. For instance, the security of end-to-end TLS connections relies on trust in a Certificate Authority (CA).

The Trust No One design philosophy requires that encryption keys always are, and stay, in the hands of the user who applies them. This implies that no external third party can access the encrypted data (assuming that the encryption is strong enough). Trust No One also implies that an external party cannot provide a backup mechanism for recovery.
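The two consequences above (a third party that stores the data cannot read it, and cannot recover it either) can be shown with client-side encryption. This is an added example, not part of the original page: the `StorageProvider` class, the function names and the choice of scrypt plus AES-256-GCM from Node's built-in `crypto` module are assumptions made for illustration, and the sample data is constructed.

```javascript
const crypto = require('node:crypto');

// Derive a 256-bit key from the passphrase, on the user's machine only.
// scrypt runs with Node's default cost parameters here (assumption; tune for real use).
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32);
}

// Encrypt locally. The returned record is everything the provider ever receives.
function sealForUpload(passphrase, plaintext) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  const ciphertext = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { salt, nonce, ciphertext, tag: cipher.getAuthTag() };
}

// Decrypt locally. Returns null if the passphrase is wrong or the record was altered.
function openAfterDownload(passphrase, record) {
  const key = deriveKey(passphrase, record.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.nonce);
  decipher.setAuthTag(record.tag);
  try {
    return Buffer.concat([decipher.update(record.ciphertext), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // GCM authentication failed: no key, no data
  }
}

// Hypothetical third party: it stores records but never sees a passphrase or key.
class StorageProvider {
  constructor() { this.blobs = new Map(); }
  put(id, record) { this.blobs.set(id, record); }
  get(id) { return this.blobs.get(id); }
}

function demo() {
  const provider = new StorageProvider();
  const secret = 'constructed sample note';
  provider.put('note-1', sealForUpload('correct horse battery staple', secret));
  const stored = provider.get('note-1');
  return {
    providerSeesPlaintext: stored.ciphertext.includes(Buffer.from(secret)),
    ownerReads: openAfterDownload('correct horse battery staple', stored),
    withoutKey: openAfterDownload('provider guess', stored), // no recovery path
  };
}
```

The salt, nonce and tag are not secret and may be stored with the ciphertext; only the passphrase must stay with the user.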

Although the Trust No One philosophy at least assures the confidentiality of the communication of the user who creates it, in real life and in society many means of communication rely on a trust relationship between at least two parties.

Trust No One is also often part of Zero Trust systems.
