On Wed, Feb 8, 2012 at 9:06 AM, Stephen Kent <[email protected]> wrote:
> So, I don't agree that the distinction between the user and a machine operated by a user is really significant, in the end. (Yes, I am aware of the many security problems that arise because the user doesn't really know what the code is doing, but nothing is perfect.)
I believe that there's a very good reason to separate them. We're going to need to move to a system where we have effectively a separate UID per application, within the overarching user's UID. This is the only effective way to isolate the damage which one application can cause, and the only effective way to audit precisely which application did what damage. This is a recasting of Android's model, where the "user ID" is "the device's controller", and the applications themselves are assigned Linux UIDs so they can't interfere with each other.
> I agree that credential portability is essential. [...]
Credential portability is overrated. The real problem is credential equivalence.
S/MIME with a private key shared to fifteen devices no longer looks very secure to me.
S/MIME with a private key stored on a daemon system and unique private keys on each of fourteen accessing clients, on the other hand...
> Credential portability does not necessarily imply a private key kept in SW in every device.
Credential portability does, however, imply a private key or other authenticator must be handled in SW in every device. Intermittent security is harder than complete security in a sufficiently complex system.

-Kyle H
_______________________________________________
therightkey mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/therightkey
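The two architectures contrasted in the message above, as an added example that is not part of the thread: one signing key copied to every device, versus one signing key held by a daemon with a distinct credential per accessing client. The device names, the sample message and the `SigningDaemon` / `device_sign_request` names are assumptions made for the example. HMAC keys stand in for the private keys the thread is about (the daemon's output is therefore only checkable by a holder of the daemon key, where an S/MIME signature would be checkable with the public key); the point demonstrated is the structure, not the algorithm: with distinguishable per-client credentials the daemon can reject a compromised or revoked client, refuse a client presenting another client's credential, and record which client asked for each signature, none of which is possible when every device holds an equivalent copy of the key.

```python
import hmac
import hashlib
import secrets


class SigningDaemon:
    """Holds the single signing key and never releases it (hypothetical design).

    Each accessing device is enrolled with its own credential, so requests are
    distinguishable: one device can be revoked without rotating the signing key,
    and the audit log records which device asked for each signature.
    """

    def __init__(self):
        self._signing_key = secrets.token_bytes(32)  # the one key the devices used to share
        self._devices = {}        # device_id -> that device's own credential
        self._revoked = set()
        self.audit_log = []       # (device_id, outcome, message)

    def enroll(self, device_id):
        """Issue a fresh credential to one device; no other device ever sees it."""
        cred = secrets.token_bytes(32)
        self._devices[device_id] = cred
        return cred

    def revoke(self, device_id):
        """Cut off one device. The signing key itself is untouched."""
        self._revoked.add(device_id)

    def request_signature(self, device_id, message, request_mac):
        """Sign `message` for `device_id` only if the request proves possession
        of that device's own credential and the device is not revoked."""
        cred = self._devices.get(device_id)
        if cred is None or device_id in self._revoked:
            self.audit_log.append((device_id, "rejected: unknown or revoked", message))
            return None
        expected = hmac.new(cred, message, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, request_mac):
            self.audit_log.append((device_id, "rejected: bad credential", message))
            return None
        self.audit_log.append((device_id, "signed", message))
        return hmac.new(self._signing_key, message, hashlib.sha256).digest()

    def verify(self, message, signature):
        """Check a signature the daemon produced (stands in for the public-key check)."""
        expected = hmac.new(self._signing_key, message, hashlib.sha256).digest()
        return hmac.compare_digest(expected, signature)


def device_sign_request(cred, message):
    """Client side: authenticate a signing request with the device's own credential."""
    return hmac.new(cred, message, hashlib.sha256).digest()


def shared_key_scenario():
    """Fifteen devices each holding a copy of one key: a copy lifted from any one
    device is the key, and nothing in a signature says which device made it."""
    shared_key = secrets.token_bytes(32)

    def sign(message):                # every device runs exactly this code
        return hmac.new(shared_key, message, hashlib.sha256).digest()

    stolen_copy = shared_key          # attacker extracted it from device 7
    message = b"constructed sample message"
    forged = hmac.new(stolen_copy, message, hashlib.sha256).digest()
    return forged == sign(message)    # True: the forgery is indistinguishable


def daemon_scenario():
    """Daemon-held key with unique per-client credentials (constructed walkthrough)."""
    daemon = SigningDaemon()
    phone = daemon.enroll("phone")
    laptop = daemon.enroll("laptop")
    msg = b"From: alice\r\nSubject: constructed sample\r\n\r\nhello"

    sig_phone = daemon.request_signature("phone", msg, device_sign_request(phone, msg))

    daemon.revoke("laptop")           # laptop reported lost; phone unaffected
    sig_laptop = daemon.request_signature("laptop", msg, device_sign_request(laptop, msg))

    # Stolen laptop credential presented under the phone's identity: wrong MAC.
    sig_impersonate = daemon.request_signature("phone", msg, device_sign_request(laptop, msg))

    sig_phone_again = daemon.request_signature("phone", msg, device_sign_request(phone, msg))

    return {
        "phone_signature_valid": daemon.verify(msg, sig_phone),
        "laptop_after_revocation": sig_laptop,          # None
        "laptop_cred_as_phone": sig_impersonate,        # None
        "phone_still_works": daemon.verify(msg, sig_phone_again),
        "audit": daemon.audit_log,
    }


if __name__ == "__main__":
    print("shared key: forgery passes ->", shared_key_scenario())
    for device, outcome, _ in daemon_scenario()["audit"]:
        print(f"daemon: {device:7s} {outcome}")
```

Revoking the laptop is a one-line change to the daemon's state; in the shared-key model the equivalent action is re-keying all fifteen devices and the certificate, because the copies are indistinguishable.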
