On 12/18/2008 10:16 PM, Ian G:
It is truly basic, it is how business works.
Your assumptions are a non-starter for me. Having worked myself in
various organizations from small and to big (1000+), what you suspect is
completly foreign to me, not common practice for IT personnel (in
particular) and bad practice not performed in structured corporations in
general.
More than that, you claimed in your original mail, quoting:
"..some time later we might discover that Kathleen now works for
Microsoft. Nobody bothered to replace the key, because it worked."
...which is completly crap. What makes you assume that she even works at
a physical "location" called Mozilla. What makes you assume that she
doesn't use here very own computer, hasn't her own login credentials,
doesn't use passwords for the security devices. Maybe she uses a smart
card at all. And what makes you assume that she doesn't know to care
about her keys. She is a professional having worked in this industry...
If we assume all the bad habits and worst practices in relation to PKI,
then I will be able to smash any other solution you bring up in the very
same way. You have not yet proved anything, not brought up one better
solution to what is done here.
Besides that PKI doesn't intend to solve the nature of humanity,
everything above could be labeled as bad practice and beyond the scope
of PKI, anything else would most likely fail the same...Duuuhhh,
"somebody else signed a document with my private key", what an argument
proving the failure of PKI in general and makes signing of documents
unreliable (as you claimed)!
"The same" means what, precisely? I have said many times that human
signing should not be done in S/MIME with the S/MIME keys until the
meanings and protocols are sorted out, and clear.
You haven't even convinced me of "the" problem yet. Which protocol would
you like to fix exactly? What is your solution which has the slightest
chance to work better? I'm interested to hear.
That someone would use another user's S/MIME keys to sign emails? Well,
of course. Secretaries are employed for just this purpose, they always
do letters in their boss's name. If Kathleen has a secretary called
Kevin, then it is entirely plausible that Kevin will manage Kathleen's
keys and Kathleen won't necessarily do anything at all.
Yes, and if my grandmother would have wheels she would be probably a
Ferrari.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
