Re: Expired certificate

[bk <chort0 () gmail com>]

On Jul 22, 2010, at 10:12 PM, Marsh Ray wrote:
> On 07/22/2010 10:40 PM, Dan Kaminsky wrote:

> > There are fundamental sources of these failures that are not just
> > "people are stupid".  Remember the tales of failed +$100M PKI
> > deployments around the turn of the millenium?
>
> I can imagine a PKI project failing.
>
> But failing after $100M is spent can be only explained by business 
> management problems. This is not a space program we're talking about 
> after all, the PKI technology just isn't that risky.

It's not that it's risky, it's just that the techy people got all carried away with how it should work technically, and 
by the time they rolled it out to actual workers they realized that it was a usability disaster.  No one is going to 
deal with that big of a disruption to how they perform their work on a daily basis.  The biggest, grandest schemes 
always get torpedoed by the smallest human problems.

So far as I know, the only environment PKI is really widely adopted in is the military, because they get to say "you 
WILL use this smartcard, soldier!  YOU HAVE A PROBLEM WITH THAT?"  Private sector workers can just say "Hah, I'll call 
that head-hunter back."  Soldiers?  Not so much...

> > Why do you think so much money got spent?
>
> Consultants!


Consultants:  The people you call when you just can't admit the requirements were ridiculous, but are willing to burn a 
few million more dollars proving it conclusively.

> The worst idea I've ever heard is probably this:
> http://news.techworld.com/security/3228198/obama-internet-kill-switch-plan-approved-by-us-senate/?olo=rss

Should go without saying.  Oops.

--
chort
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/