Re: fingerprint of the archive signing key

On Wed, Jun 30, 2004 at 12:35:37AM +0100, Colin Watson wrote:
> > Once you have physical access to the user workstations, you can take
> > those and work up.
> Only if the key security is incompetent, which is inexcusable for a CA.

Firstly: Why do they own these workstations? What purpose do they serve?

If they had nothing to do with the process of creating certificates
then they wouldn't be here.

[I know more or less what they're for; this attack is against the
front-end of the CA - persuading *them* to hand out a certificate
which they should not. When a key is stored in a locked underground
vault, which only one man has access to, you don't break into the
vault - you trick the man].

Secondly: I don't believe in the notion that you can run a company
where all people who have any kind of access are both trustworthy and
reliable, and still be large enough to be relevant. We can't even do
it for governments - why should companies be any different? People get
appointed for the wrong reasons and you just have to deal with it, and
they get lazy because they've been doing this exact same process on a
regular basis for three years and nobody's attacked it yet. It's not
like they're doing anything really important.

An attacker has to win *once*. You have to win *every time*.

  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'                          |
   `-             -><-          |