> Christopher Osborn <cosborn @
> That's one MAJOR problem with Lotus Notes. The IDs are located on a LOT of
> inherently insecure systems that, even if they could be secured, won't be.
> That can be one of the major problems with "client server", esp. with
> MS-Windows PCs. Users must take an ID file with them everywhere, which
> just leaves more ID files lying around.
This is the drawback for any system requiring a private key. It's possible to
create policy and training that reduces the likelihood of this kind of problem.
For example, set everyone up to use the ID from the floppy drive and they can
carry it around without leaving local copies. Sure, most companies won't do
things like that, but most companies would probably be using Notes even if it
used only 8-character passwords for authentication. If better security is a
priority, Notes gives you some of the tools to achieve it, but it sure doesn't
do all the work for you.
If (as I hope) more systems start implementing more robust authentication than
simple passwords, private key management on networked/multiuser systems is a
problem we'll be dealing with over and over again. Notes just happens to be
the first widely-deployed program that uses RSA and has a user population
largely ignorant of the principles behind it.
Robert Dana <bob @
com> (713) 650-6522 x240
WorldCom Director of Network Services
Wolf Communications, Houston, TX Go WorldCom!