Firewall Wizards mailing list archives
Re: PKI is the pits?
From: Bennett Todd <bet () rahul net>
Date: Thu, 14 Oct 2004 16:36:01 +0000
I've been around many deployments, some were fine successes, others were nasty. I like to sum up the problem as "trust doesn't scale".

If you've got a specific problem to address, you understand the clients and servers and how they work, you take care to deploy, test, and maintain a good working CRL, and your expectations don't run away from you, PKI can work fine.

Note that the security of the resulting system, no matter how well designed and deployed, is strictly limited by the security of the keystores. More secure == harder to deploy and maintain, scaling up steeply.

But too many people get carried away, believe PKI will give them a complete single-signon solution and solve all their authentication concerns; they come away burnt.

-Bennett
Current thread:
- PKI is the pits? Christopher Hicks (Oct 14)
- Re: PKI is the pits? Bennett Todd (Oct 14)
- RE: PKI is the pits? Eugene Kuznetsov (Oct 17)
- RE: PKI is the pits? Marcus J. Ranum (Oct 17)
- PIX Books Shimon Silberschlag (Oct 22)
- Re: PIX Books Josh Welch (Oct 22)
- Re: PIX Books greg padden (Oct 22)
- Re: PIX Books Matthew Powell (Oct 25)
- RE: PIX Books sci-admin (Oct 30)
- RE: PKI is the pits? Eugene Kuznetsov (Oct 22)
- RE: PKI is the pits? Marcus J. Ranum (Oct 17)