On Wed, Jun 30, 2004 at 12:35:37AM +0100, Colin Watson wrote:
> > Once you have physical access to the user workstations, you can take
> > those and work up.
>
> Only if the key security is incompetent, which is inexcusable for a CA.

Firstly: Why do they own these workstations? What purpose do they serve?
If they had nothing to do with the process of creating certificates then
they wouldn't be here.

[I know more or less what they're for; this attack is against the
front-end of the CA - persuading *them* to hand out a certificate which
they should not. When a key is stored in a locked underground vault,
which only one man has access to, you don't break into the vault - you
trick the man].

Secondly: I don't believe in the notion that you can run a company where
all people who have any kind of access are both trustworthy and
reliable, and still be large enough to be relevant. We can't even do it
for governments - why should companies be any different? People get
appointed for the wrong reasons and you just have to deal with it, and
they get lazy because they've been doing this exact same process on a
regular basis for three years and nobody's attacked it yet. It's not
like they're doing anything really important.

An attacker has to win *once*. You have to win *every time*.

-- 
  .''`.  ** Debian GNU/Linux ** | Andrew Suffield
 : :' :  http://www.debian.org/ |
 `. `'                          |
   `-             -><-          |