A very good point; this is also one of the reasons deploying smart card
authentication is difficult.

Today people use IP Phones, mobile phones, tablets, desktops, kiosks and
more; moving to a "require" solution for authentication requires one to have
a solution for all of these devices, or you increase complexity without the
benefit, as you have to continue to support the weaker authentication
schemes.

Ryan

-----Original Message-----
From: [email protected] [mailto:[email protected]] On
Behalf Of Phillip Hallam-Baker
Sent: Tuesday, February 07, 2012 3:53 PM
To: Stephen Kent
Cc: Joe St Sauver; [email protected]
Subject: Re: [therightkey] Will the real RPF please stand up?

On Tue, Feb 7, 2012 at 5:25 PM, Stephen Kent <[email protected]> wrote:

> I think there are multiple reasons why client certs have not taken 
> off, based on 20+ years of experience in the area. We provided a 
> client cert system for a financial firm in the early 90's. It was easy 
> to use, bootstrapped from the password-based system that the firm 
> used. But, because there were no good tools to allow users to move 
> certs and private keys among client machines, it was eventually turned
> off.

The reason I no longer believe in end-to-end solutions is that the endpoint
for a public key is always a machine and the desired endpoint is a person.

So what happens is that people talk past each other with engineers
developing a scheme that prevents an attack the users don't care about and
prevent implementation of controls that they consider essential, like spam
filtering.


Cardspace fell victim to a similar problem. The system was very secure but
users no longer have a single machine that they use.

Any scheme that does not take account of the fact that a user must be able
to access their account from at least fifteen different devices, some of
which will be mobile and possibly lost, is useless in the real world. The
military can tolerate such systems because they will order people to use
them.

S/MIME with a private key shared to fifteen devices no longer looks very
secure to me.


In practice most email that is sent encrypted is encrypted using TLS.
If we had an infrastructure that allowed mail servers to know that their
corresponding servers required use of TLS, the man in the middle downgrade
attack could be defeated.

--
Website: http://hallambaker.com/
_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
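The STARTTLS downgrade Phillip describes above, as an added example that is not part of the original thread: a sending MTA does an EHLO, an active man in the middle deletes the STARTTLS keyword from the response, and the sender either falls back to cleartext (opportunistic policy) or refuses and defers the mail (the destination is known to require TLS). The EHLO responses, domains and the `TLS_POLICY` table are constructed for illustration; the policy table is a stand-in for the "infrastructure that lets servers know their peers require TLS", not any specific published standard.

```python
"""Added example: a sender-side 'TLS required' policy defeats STARTTLS
stripping. All responses and domains below are constructed, not captured."""

# Constructed EHLO response from a receiving MTA that offers STARTTLS.
# Intermediate lines use "250-", the final line "250 " (RFC 5321 layout).
GENUINE_EHLO = [
    "250-mx.example.com greets sender",
    "250-SIZE 35882577",
    "250-STARTTLS",
    "250 ENHANCEDSTATUSCODES",
]

# Hypothetical sender-side policy table: which destination domains are
# known to require TLS. This knowledge is exactly what the thread says the
# sending server currently lacks.
TLS_POLICY = {
    "example.com": "require",
    "legacy.example.net": "opportunistic",
}


def renumber(ehlo_lines):
    """Restore the 250-/250 continuation markers after editing a response."""
    bodies = [line[4:] for line in ehlo_lines]
    return ["250-" + b for b in bodies[:-1]] + ["250 " + bodies[-1]]


def strip_starttls(ehlo_lines):
    """Model the active attacker: remove the STARTTLS keyword from the
    EHLO response so an opportunistic sender falls back to cleartext."""
    kept = [line for line in ehlo_lines
            if line[4:].split()[0].upper() != "STARTTLS"]
    return renumber(kept)


def ehlo_extensions(ehlo_lines):
    """Extension keywords advertised in an EHLO response (the first line
    is the server greeting, not an extension)."""
    return {line[4:].split()[0].upper() for line in ehlo_lines[1:]}


def negotiate(domain, ehlo_lines, policy=TLS_POLICY):
    """Run the sender's decision; return (outcome, transcript).

    outcome is one of:
      'deliver-over-tls'  STARTTLS offered, sender upgrades the session
      'deliver-in-clear'  no STARTTLS, opportunistic policy: downgrade works
      'defer'             no STARTTLS but peer must offer it: downgrade fails
    """
    transcript = [("C", "EHLO sender.example.org")]
    transcript += [("S", line) for line in ehlo_lines]
    if "STARTTLS" in ehlo_extensions(ehlo_lines):
        transcript += [("C", "STARTTLS"), ("S", "220 2.0.0 Ready to start TLS")]
        return "deliver-over-tls", transcript
    if policy.get(domain, "opportunistic") == "require":
        # The sender knows this peer must offer TLS, so a missing keyword is
        # treated as tampering or misconfiguration: hold the mail, retry later.
        transcript += [("C", "QUIT"), ("S", "221 2.0.0 Bye")]
        return "defer", transcript
    transcript += [("C", "MAIL FROM:<postmaster@sender.example.org>")]
    return "deliver-in-clear", transcript


if __name__ == "__main__":
    stripped = strip_starttls(GENUINE_EHLO)
    for domain in ("example.com", "legacy.example.net"):
        for label, ehlo in (("genuine", GENUINE_EHLO), ("stripped", stripped)):
            outcome, transcript = negotiate(domain, ehlo)
            print(f"{domain:20} {label:9} -> {outcome}")
            for who, line in transcript:
                print(f"    {who}: {line}")
```

Running it shows the point of the thread directly: the same stripped EHLO response yields `deliver-in-clear` for the opportunistic domain and `defer` for the domain the sender knows requires TLS. Without the policy entry the sender has no way to distinguish "peer never supported TLS" from "someone removed the offer".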
