[Discuss] Why the dislike of X.509?

Richard Pieri richard.pieri at gmail.com
Tue Aug 26 13:17:54 EDT 2014


On 8/26/2014 1:01 PM, markw at mohawksoft.com wrote:
> There is no such thing as a security system that has "one" entity, well,
> perhaps a stone or a brick. There is *always* at least one mechanism that
> protects and one mechanism that provides access.

An example is a code signing key. In a shared system, many agents
possess copies of this key. Each agent is an entity. Each of these
entities is a single point of compromise.

In a distributed system, the code signing key is split and distributed
among several agents. Again, each agent is an entity. Since no one
entity has the entire key, the compromise of one entity cannot compromise
the whole key and thus the whole system.

Does the explanation make sense?

-- 
Rich P.


