BLU Discuss list archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Discuss] Why the dislike of X.509?
- Subject: [Discuss] Why the dislike of X.509?
- From: bill.n1vux at gmail.com (Bill Ricker)
- Date: Mon, 25 Aug 2014 16:06:58 -0400
- In-reply-to: <a7c1366d330261e2ee4906c8d08d0b94.squirrel@mail.mohawksoft.com>
- References: <53F9F6B9.4060505@stephenadler.com> <20140824161132.GE14848@randomstring.org> <be314521ab6bebb6add54d706b042f01.squirrel@mail.mohawksoft.com> <53FA1C3B.70908@gmail.com> <53FB19E5.4080602@aeminium.org> <53FB4A5D.2030305@gmail.com> <CA+h9Qs5GnC6d1ejBQC=crtHwxoDiFWo4Kn+xjt0eiA8Kr733_A@mail.gmail.com> <53FB70E6.50706@gmail.com> <CA+h9Qs5THPNEir7tLZNjzLWMpod=9UGWTSCeZS2nCwVY0Ox=-w@mail.gmail.com> <53FB7F0A.40105@gmail.com> <253113e101a6fc1b75e160dfbd3d0dbe.squirrel@mail.mohawksoft.com> <53FB9325.9010200@gmail.com> <a7c1366d330261e2ee4906c8d08d0b94.squirrel@mail.mohawksoft.com>
On Mon, Aug 25, 2014 at 3:55 PM, <markw at mohawksoft.com> wrote: > No security can withstand privileged access. Yes. But anything with key escrow - or its moral equivalents - is vulnerable in more ways, creates more trouble for adjacent systems. Compartmentalization vs Centralization. Ease of use vs Ease of Administration vs Security. Eternal tensions. Worse, key escrow or PKI CA makes the illicit privileged accessors able to leave rather impressive false evidence against whomever they want. If I break into a system rich has access and create a duplicate key for 'rpieri', I can then access the system remotely as him, and it's him in all the logs, without having to -- Bill Ricker bill.n1vux at gmail.com https://www.linkedin.com/in/n1vux
- References:
- [Discuss] vnc
- From: adler at stephenadler.com (Stephen Adler)
- [Discuss] vnc
- From: dsr at randomstring.org (Dan Ritter)
- [Discuss] vnc
- From: markw at mohawksoft.com (markw at mohawksoft.com)
- [Discuss] vnc
- From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] vnc
- From: nuno at aeminium.org (Nuno Sucena Almeida)
- [Discuss] Why the dislike of X.509?
- From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] Why the dislike of X.509?
- From: jabr at blu.org (John Abreau)
- [Discuss] Why the dislike of X.509?
- From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] Why the dislike of X.509?
- From: jabr at blu.org (John Abreau)
- [Discuss] Why the dislike of X.509?
- From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] Why the dislike of X.509?
- From: markw at mohawksoft.com (markw at mohawksoft.com)
- [Discuss] Why the dislike of X.509?
- From: richard.pieri at gmail.com (Richard Pieri)
- [Discuss] Why the dislike of X.509?
- From: markw at mohawksoft.com (markw at mohawksoft.com)
- [Discuss] vnc
- Prev by Date: [Discuss] Why the dislike of X.509?
- Next by Date: [Discuss] Why the dislike of X.509?
- Previous by thread: [Discuss] Why the dislike of X.509?
- Next by thread: [Discuss] Why the dislike of X.509?
- Index(es):
