Re: CyberPhone Trust Propagation Was: A $25,000,000,000 PKI
Steve,
>It is not the server that grants the user the right to purchase, it is the
>company. The company can choose to do this in various ways, as described
>in earlier messages. Your approach introduces added vulnerabilities into
>the system, relative to a model in which the purchasing agent directly
>controls his/her private key.
But "your" model adds the following security problems when purchasers
have their purchaser keys and certs in a smart card:
1) Key (card) distribution. Make sure the right person gets it
2) A need for trust in external software when purchasing outside of the company
premises. If at all possible for SW reasons. And logging, what about that?
3) As it probably can take days to get a new purchaser card in case of
loss you may have to "borrow" somebody else's. Normal human behavior
4) No control of use or abuse until it may be too late. Non-repudiation
is useless if your purchaser made your company go bankrupt
And then "your" model also adds the following PITAs
1) Slow and expensive issuing of cards
2) Hard to get a card if not physically close to the issuer
As I see it, massive issuing and distribution of private keys introduce
security problems that (unlike secure PK-servers and "Thin PKI") do not
have any real solutions.
But I will cease this debate as we are approaching "dead-lock" unless there
are others who seem willing (and competent) to continue.
Regards
Anders
http://www.mobilephones-tng.com