On 5/10/05, Jean-Marc Desperrier <[EMAIL PROTECTED]> wrote: > Ram A Moskovitz wrote: > > On 5/9/05, Jean-Marc Desperrier <[EMAIL PROTECTED]> wrote: > >>They can not truly attack the signature, so they will in fact attack the > >>registration process. We have been warned here several time it will not > >>resist so much when *actually* under attack. > > > > Personally I've been warned of many things by many people. I am > > selective in what I take as fact and further I believe that a dynamic > > system may change to reflect reality. > > I could be critical too if I didn't think it makes sense. > > What if I say Bruce Schneier also says similar things ? > "Identification and Security" > http://www.schneier.com/crypto-gram-0402.html#6
I often but not always agree with Bruce. I happen to agree with most of that particular rant and believe that most of the steps taken in the US since 9/11 did more to sooth American's worries than to address security - both of which are legitimate goals. I think of PKI as an imperfect security tool, it's there and you can use it effectively if you're sensible about it. Using certificates properly (with chain building, signature checking, expiration checking, revocation checking) raises the fence quite broadly - of course without checking the signatures or revocation much of potential value is ignored. Increasing identity authentication before issuing a certificate makes it harder to get a certificate and so increases the risk of bad guys leaving a trail back to them, suggests a lower revocation rate which may mean it is cheaper to operate the service and in a competitive market you would expect prices for the service to drop overall, and drives would be bad guys to try other vectors. Generally I think that layers of imperfect security should be used to reach the level of risk-mitigation that is appropriate. Perfect security is a myth in most real world scenarios and even when possible is probably more of an economic burden than a few imperfect solutions that layer well. PKI is here today and usable - why ignore that? _______________________________________________ mozilla-crypto mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-crypto
