[Discuss] Why the dislike of X.509?
Bill Ricker
bill.n1vux at gmail.com
Mon Aug 25 16:06:58 EDT 2014
On Mon, Aug 25, 2014 at 3:55 PM, <markw at mohawksoft.com> wrote:
> No security can withstand privileged access.
Yes.
But anything with key escrow - or its moral equivalents - is
vulnerable in more ways, creates more trouble for adjacent systems.
Compartmentalization vs Centralization.
Ease of use vs Ease of Administration vs Security.
Eternal tensions.
Worse, key escrow or PKI CA makes the illicit privileged accessors
able to leave rather impressive false evidence against whomever they
want. If I break into a system rich has access and create a duplicate
key for 'rpieri', I can then access the system remotely as him, and
it's him in all the logs, without having to
--
Bill Ricker
bill.n1vux at gmail.com
https://www.linkedin.com/in/n1vux
More information about the Discuss
mailing list