On Mon, Aug 25, 2014 at 3:55 PM, <[email protected]> wrote: > No security can withstand privileged access.
Yes. But anything with key escrow - or its moral equivalents - is vulnerable in more ways, creates more trouble for adjacent systems. Compartmentalization vs Centralization. Ease of use vs Ease of Administration vs Security. Eternal tensions. Worse, key escrow or PKI CA makes the illicit privileged accessors able to leave rather impressive false evidence against whomever they want. If I break into a system rich has access and create a duplicate key for 'rpieri', I can then access the system remotely as him, and it's him in all the logs, without having to -- Bill Ricker [email protected] https://www.linkedin.com/in/n1vux _______________________________________________ Discuss mailing list [email protected] http://lists.blu.org/mailman/listinfo/discuss
