At 6:52 PM -0500 2/7/12, Phillip Hallam-Baker wrote:
...
The reason I no longer believe in end-to-end solutions is that the
endpoint for a public key is always a machine and the desired endpoint
is a person.
yes, the machine is the endpoint, but machines are always in the loop
for the sorts of transactions we're discussing, unless we're very
restrictive. The EU-inspired PIN pad + display that shows the user a
number representing a value being authorized by a sig is an
exception.)
So, I don't agree that the distinction between the user and a machine
operated by a user is really significant, in the end. (Yes, I am
ware of the many security problems that arise because the user
doesn't really know what the code is doing, but nothing is perfect.)
...
Any scheme that does not take account of the fact that a user must be
able to access their account from at lest fifteen different devices,
some of which will be mobile and possibly lost is useless in the real
world. The military can tollerate such systems because they will order
people to use them.
I agree that credential portability is essential. BTW, the US DoD
operates more like a company with an eye on the bottom line than a
monolithic security-focused organization, as you suggest above :-).
S/MIME with a private key shared to fifteen devices no longer looks
very secure to me.
Crednetial portability does not necessarily imply a private key kept
in SW in every device.
Steve
_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
