
Re: RFC 2527 Physical Security Controls Question

In a message dated 12/15/99 3:17:16 PM Eastern Standard Time, 
Lynn.Wheeler@firstdata.com writes:

<< So if public key becomes integral to the core operation (say on a 
transaction by transaction basis) ... then its associated infrastructure 
has to at least meet the requirements of that infrastructure (w/o 
introducing new risk and failure modes). >>

Boy oh boy is that an important statement!  I paraphrase it as "If you 
integrate PKI into a business process, in such a way that the process DEPENDS 
on the PKI working properly, you've just held your business process hostage 
to your PKI." 

Thus, as you say, the PKI needs to meet the requirements and not introduce 
new risk.  I don't think there is any way to introduce PKI into a process 
without introducing some new failure modes, but that just means you have to 
compensate for those failure modes to keep the risk acceptable.

All of which means to me that we need to be VERY cautious when trying to 
"improve" a process with PKI.  Remember that it can take as long (or longer) 
to remove automation from a process as it did to add it.