On Mon, Aug 25, 2014 at 3:55 PM,  <[email protected]> wrote:
> No security can withstand privileged access.

Yes.
But anything with key escrow - or its moral equivalents - is
vulnerable in more ways, creates more trouble for adjacent systems.

Compartmentalization vs Centralization.
Ease of use vs Ease of Administration vs Security.
Eternal tensions.

Worse, key escrow or PKI CA makes the illicit privileged accessors
able to leave rather impressive false evidence against whomever they
want. If I break into a system rich has access and create a duplicate
key for 'rpieri', I can then access the system remotely as him, and
it's him in all the logs, without having to


-- 
Bill Ricker
[email protected]
https://www.linkedin.com/in/n1vux
_______________________________________________
Discuss mailing list
[email protected]
http://lists.blu.org/mailman/listinfo/discuss

Reply via email to