Re: [Fed-Talk] Root Cert on MacBookPro Question
- Subject: Re: [Fed-Talk] Root Cert on MacBookPro Question
- From: David Emery <email@hidden>
- Date: Mon, 28 Dec 2009 16:25:13 -0500
I've had problems getting PKI to work on each environment I've tried:
Thunderbird in MacOS
Mail.app in MacOS
Internet Explorer in Windows XP
The absence of any other environment is not an indication of success; rather, it's an indication I haven't messed with it.
So this is well beyond just a Mail.app problem. Some of these are relatively simple problems, such as provisioning root certs. But a huge part of the problems -everywhere- have been the total absence of meaningful diagnostic information that I can use to figure out what the problem is. So much of the PKI infrastructure assumes an expertise in PKI principles that I, as an experienced (32 years + college) don't have.
And I think this is a much bigger problem than just DoD configurations. The inaccessibility of PKI for the average person (either end-user or infrastructure provider) means that PKI solutions which have been advocated for a more secure web (with the notable exception of https websites) have failed to meet their promise for a more secure internet. I think this is systemic with the way the security industry has approached PKI, with way too much "perfection" and business constraints in the way of the more general good. (Disclosure/Disclaimer, my wife now works for Verisign, but I have no association with them.)
From a Federal Government perspective, I think the IA Czar should take a real deep serious look at why we can't secure the Internet, and maybe the approach is to move some aspects of PKI from the private sector to government, e.g. certification issuance. But that's clearly getting into policy decisions that I admit are (a) probably off-topic; (b) I started in the first place. Mea culpa!
dave
On Dec 28, 2009, at 1:49 PM, Timothy J. Miller wrote:
> David Emery wrote:
>> So, Tim, would you carry a PKI-enabled rifle into combat?
>
> Yes. I've been involved in multiple systems that use PKI and operate at the tactical edge. It can be done, is done, and will be done more as time goes on.
>
> The fact that Apple gets it wrong in Mail.app has absolutely no bearing on the suitability of the underlying technology.
>
> -- Tim
>
>
-----
David Emery, 703 298 3473 (c) 703 272 7496 (fax)
Supporting PdM Software Integration