On 18/12/08 17:47, Eddy Nigg wrote:
> On 12/18/2008 05:29 PM, Ian G:
>> Hopelessly unreliable, in my opinion. Crypto will tell you that someone
>> with "Kathleen's key" made that PDF, but some time later we might
>> discover that Kathleen now works for Microsoft. Nobody bothered to
>> replace the key, because it worked.
> Well, I think I start to understand some of your (wrong) views about PKI
> and cryptography then....
> Hilarious!
> Why should Kathleen's keys be replaced and why
> do you think anybody except Kathleen would be able to sign her
> documents? Tssss....Isn't that truly basic?
It is truly basic, it is how business works.
It would start out that a certain PC is designated the place where all
the relevant work is done. (Why this is done and not a net storage I'll
leave as an exercise for the reader.) A single work account is created
that was originally in Kathleen's name. As we know, modern OSs allow
default login, or don't require the user's name. The account is set up
with the keys required.
(BTW, I will say that I am totally speculating and misusing Kathleen's
good name here. I have no idea how they do it at Mozilla, maybe she
spends her lunchtime factoring large prime numbers for all I know.)
Later on, Kathleen has to go on holidays (vacations for
Americans) and is asked to write down some simple instructions for Karen
who will cover her. Perhaps they work, perhaps not, and perhaps the
local techie has to pop on up and add to them.
Later on again, the instructions are enhanced so that Kevin can also do
the work ... so Karen can go to a conference? After a while, Kathleen
is transferred to another position.
Meanwhile, the PC stays the same. That's where the data is. That's
where the work is done.
Basically, the normal office people have no idea what the PKI model is.
They just want a system that works. If the boss says "follow this
sequence to upload the PDF-with-thingummyjig" then they'll do it.
I believe the current top contender for this was the entire British
health services. From what I know, they issued smart card (with certs)
to all people, and organised all the restricted equipment to have smart
card readers and authorisation lists and so forth. Later on, auditors
discovered that the working practice was for the senior doctors to
insert their smart cards in the most important equipment, and then leave
them in there ...
> I'm somewhat at a loss, but do you think the same applies to S/MIME as
> well?
"The same" means what, precisely? I have said many times that human
signing should not be done in S/MIME with the S/MIME keys until the
meanings and protocols are sorted out, and clear.
That someone would use another user's S/MIME keys to sign emails? Well,
of course. Secretaries are employed for just this purpose, they always
do letters in their boss's name. If Kathleen has a secretary called
Kevin, then it is entirely plausible that Kevin will manage Kathleen's
keys and Kathleen won't necessarily do anything at all.
iang
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto