
RE: RFC 2527 Physical Security Controls Question



Timothy,

I challenge your notion that high security equals lethal defense. A private
key used to sign certificates is very different than a stealth aircraft. I
may not be able to revoke a stealth aircraft that falls into the hands of an
adversary.

Frank Balluffi
CertCo

-----Original Message-----
From: TMetzinger@aol.com [mailto:TMetzinger@aol.com]
Sent: Tuesday, December 14, 1999 8:23 PM
To: ietf-pkix@imc.org
Cc: pki-twg@csmes.ncsl.nist.gov
Subject: Re: RFC 2527 Physical Security Controls Question


John Kennedy and Lynn Wheeler both made excellent points about the
potential need for absolute top-grade physical security in a commercial
CA operation.

It all seems to come down (as always) to risk assessment and balancing the
cost of security against its benefits.

In the commercial world, especially in the financial and medical sectors,
the potential liability for a CA operator could be enormous, easily
justifying the cost of physical security measures rivalling that found
around weapons of mass destruction.

This brings up an interesting question though...  For a government, it's
very easy to designate a resource as being sufficiently valuable to
authorize the use of deadly force to protect it - try to get close to a
stealth aircraft sometime. For commercial applications, however, even
where billions of dollars may be at stake, it's harder (if not impossible)
to implement that final line of security.

So for you non-government types, would your CA physical security include
lethal defenses?  Can anyone think of any application for a non-government
CA that would require such defenses?  I'm not talking about just armed
guards here...  I'm talking about defenses that would kill an unauthorized
individual who entered protected space BEFORE they did any damage besides
entering that space.

Timothy M. Metzinger
Technical Director
Drug Enforcement Administration
Office of Information Systems
(202) 307-9884
(888) 385-0705