Edward Diener

> > Your scheme requires you to put the credentials where an
> > attacker can get them in unencrypted form. All an attacker need
> > do is terminate your process as soon as it attempts a network
> > connection (or intercept its filesystem calls and snapshot every
> > file before it is deleted or overwritten). Your scheme requires
> > these credentials to be sufficient for someone to do harm.
> > Bluntly, your scheme is hopeless from a security standpoint.
>
> So any scheme which relies on client-server certificates (aka
> private-public key encryption) and encrypted data is "hopeless from a
> security standpoint"?

No. Any scheme that relies on giving credentials to the same people it is trying to keep them from is hopeless from a security standpoint.

> Care to suggest what is not "hopeless from a security standpoint", which
> is actually programmable?

A scheme which gives agents only credentials that permit them to do what they are supposed to do and which has no need to hide credentials from their owners. Again, you are trying to hide a customer's credentials from that customer himself.

Let me use an analogy.

Good: Two houses. Each has a key. People who are allowed into house 1 only get key 1. They cannot get into house 2 because they do not have the key.

Bad: Two houses, with a door between them that is always open. People who are only supposed to be in house one get the key to house one, and we try to make it hard for them to find the door between the houses. Maybe we put it behind some drapes. Or maybe we don't tell them they have a key and they won't notice they're in a house.

No proper use of certificates or keys involves hiding the certificates or keys from the very agents who are going to use them. The reason public-key encryption works is because the private keys are not given to those who are not supposed to have them. Not because they are "sort of" given but "sort of" hidden.

I cannot impersonate 'www.amazon.com' because I do not have their private key. It is not hidden somewhere in my computer where I might be able to find it. It is not obscured from me. It never leaves Amazon's servers, because Amazon is supposed to have it, not me.

DS

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
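The two-house analogy from the reply above, as an added example that is not part of the thread: a Go program (assumptions: Ed25519 signatures, a constructed request string) in which each door stores only the public keys admitted to it, each visitor keeps its own private key with nothing hidden from its owner, and holding key 1 gets you into house 1 and nowhere else.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Door is the server side of one "house". It holds only the public keys
// admitted to it; no private key ever lives on the server.
type Door map[string]bool

func NewDoor(pub ed25519.PublicKey) Door { return Door{string(pub): true} }

// Open admits a request only if it carries a valid signature from a key this
// door was told about. A key issued for another house is simply unknown here.
func (d Door) Open(pub ed25519.PublicKey, req, sig []byte) error {
	if !d[string(pub)] {
		return errors.New("key not admitted to this house")
	}
	if !ed25519.Verify(pub, req, sig) {
		return errors.New("signature does not match presented key")
	}
	return nil
}

// Scenario models the two-house analogy: visitor 1 owns key 1 outright and is
// admitted to house 1 only. It reports whether visitor 1 entered house 1 and
// house 2, and whether presenting visitor 2's public key over visitor 1's
// signature was rejected (visitor 1 cannot sign as visitor 2).
func Scenario() (enteredHouse1, enteredHouse2, forgeryRejected bool, err error) {
	pub1, priv1, err1 := ed25519.GenerateKey(rand.Reader)
	pub2, _, err2 := ed25519.GenerateKey(rand.Reader)
	if err1 != nil || err2 != nil {
		return false, false, false, errors.New("key generation failed")
	}
	house1, house2 := NewDoor(pub1), NewDoor(pub2)
	req := []byte("constructed request: open the door") // constructed sample input
	sig := ed25519.Sign(priv1, req)                    // visitor 1 signs with its own key
	enteredHouse1 = house1.Open(pub1, req, sig) == nil
	enteredHouse2 = house2.Open(pub1, req, sig) == nil
	forgeryRejected = house2.Open(pub2, req, sig) != nil
	return enteredHouse1, enteredHouse2, forgeryRejected, nil
}

func main() {
	h1, h2, forged, err := Scenario()
	fmt.Println("house1:", h1, "house2:", h2, "forgery rejected:", forged, "err:", err)
}
```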