Gary wrote:
> True, it has some limitations. Some will be solved, some may not. But
> for our users of mainline applications, it seems to cover the bases
> pretty well.
So for you, in your specific environment, it may be an OK solution.
There have been a number of concerns raised, though.
> The bulk of our machines are PCs. I probably should have made that
> clear.
Again, for your environment it may work, but what about the other systems
that your PC users may want to communicate with securely? You need
interoperability.
>
> > The "certificate diskette" is yet another potential problem. Since the
> > private key is decrypted off the disk and stored in the end system it is
> > available to be read by anything running on the system (especially on PCs)
> > and when the diskette is removed does the private key get removed or
> > does the system maintain its identity/Distinguished Name? It can't check
> > for the presence of the diskette on every packet or it would be too slow
> > to be usable. In addition the private key (though encrypted) on the
> > certificate diskette is copyable.
> >
>
> I'd put this in the class of "please remember to logoff the system
> when you are done and before leaving your terminal/PC". The user
> needs to "unsecure" the desktop before leaving. This may imply
> turning it off or Hannah may have some procedure to "unauthenticate".
> The diskette is a threat but physical security addresses that.
No, the threat is also that if I can copy your diskette and guess or brute
force your password (users always use good passwords) or I can grab the
decrypted private key from the PC itself then I can become you.
Obviously if you think that it meets your needs (as you seem to) then
use it.
geoff