Re: CIA Fears UmpTeen InfoNukes



At 10:51 AM 6/28/96 -0500, Rick Smith wrote:
>[email protected] (Bill Frantz) writes:
>>I think that backward compatibility requirements are a significant part of
>>the reason we see this problem.  The other part is, of course, that there
>>is no market for security.
>
>...
>
>The requirement isn't "backwards compatibility," the requirement is
>that people get their work done. If the security threat keeps them
>from getting their work done, then backwards compatibility is no
>longer a major requirement.

Absolutely.  However, from a vendor's point of view, customers have a wide
range of security problems.  Some run in an open environment and have no
use for security.  They may still be using those VT100s.  These are the
customers the vendor considers when thinking of backwards compatibility.


>>The ideal situation for them would be to use public key authentication
>>because it would be entirely user-transparent. ...
>
>Nonsense. The mere fact that it's not currently deployed guarantees
>that it won't be user transparent. Vendors will include it on some
>rewrite of whatever software it's embedded in. Memory requirements go
>up and delays are introduced when the crypto computations are
>performed. Security will be added only if it gives customers more
>things they can do, so there'll be other functional changes as well.

There are several "users" at issue.  I fully agree that those
administrators responsible for upgrading the software and hardware for the
change will notice.  The people who have to pay for it all should also
notice.  But the actual end user may find the logon simplified.  If it is
sufficient to merely identify the machine and not the person, then the new
software can eliminate end user involvement in the logon.  The
administrator is responsible for installing the private key in the machine
and the end user never sees it.

On the other hand, if users still must be identified, it is possible to
give them a logon interface which is unchanged from the old,
non-one-time-password, interface, while still giving them the benefits.


-------------------------------------------------------------------------
Bill Frantz       | The Internet may fairly be | Periwinkle -- Consulting
(408)356-8506     | regarded as a never-ending | 16345 Englewood Ave.
[email protected] | worldwide conversation.    | Los Gatos, CA 95032, USA