Re: RFC 2527 Physical Security Controls Question
One of the X9.59/AADS scenarios is that the public key operation becomes
integrated into the infrastructure of the financial transaction. If that
infrastructure has spent several hundred million on security & integrity
infrastructure ... then all components have to be at the same level of
security/integrity or it puts the infrastructure at risk (don't want to
introduce new risk and failure modes).

That somewhat reverses the question ... rather than how much has to be spent on
the PKI specific implementation ... it becomes all components have to meet same
minimum integrity/security requirements; that goes for both availability (denial
of service attacks) as well as compromise (& ability to then do fraudulent
transactions).

For some infrastructures, the security/integrity infrastructure may only
represent thousands of dollars ... while some commercial operations the
security/integrity infrastructure may represent hundreds of millions.

So if public key becomes integral to the core operation (say on a transaction by
transaction basis) ... then its associated infrastructure has to at least meet
the requirements of that infrastructure (w/o introducing new risk and failure
modes).

Furthermore, there may be situations where there is no level of liability &
insurance that would make any kind of trusted 3rd parties acceptable.

The other issue not to be overlooked ... is that one of the biggest threats to
(at least) commercial operations are insiders. Some of the human factors issues
may change when only hundreds of billions of dollars are at stake.