Re: [Fed-Talk] Fed-talk Digest, Vol 12, Issue 8
- Subject: Re: [Fed-Talk] Fed-talk Digest, Vol 12, Issue 8
- From: "email@hidden" <email@hidden>
- Date: Fri, 16 Jan 2015 17:11:39 -0500
> On Jan 16, 2015, at 16:40 , Henry B (Hank) Hotz, CISSP <email@hidden> wrote:
>
> On Jan 14, 2015, at 12:20 PM, email@hidden wrote:
>
>> On Jan 14, 2015, at 15:00 ,Beatty, Daniel D CIV NAVAIR, 474300D wrote:
>>>
>>> 2) The capabilities that allow this attack are the same ones that would e.g. allow the installation of PIV/CAC card drivers for use with Filevault 2 at boot.
>>>
>>> I'm actually kind of curious how much interest there would be in 2), since it seems like a fun project to me.
>>
>> Well, ignoring my great dissatisfaction with the complexity and fragility of PKI and token readers*, and the vulnerabilities introduced by depending on an external device of any sort….
>
> While Apple and the Fed may feel free to ignore relevant standards, I do not feel so empowered. X.509 PKI and one of the several smart card “standards” would seem to be the way to go. I do agree on both your points though.
>
Two observations about standards, based on almost 30 years working on multiple formal IEEE and ISO standards activities:
1. There are so many to choose from (particularly if your definition of 'standard' includes products from industry consortia, de-facto standards and the vague excuse "that's a best practice....")
2. Just because something is a standard, that doesn't mean it's practical! Standards committees are full of people with academic knowledge but very little real world engineering experience.
A friend of mine observed, "The government standardizes stuff it doesn't understand, to relieve itself of the responsibility for thinking about it." That's been, unfortunately, a very accurate observation.
dave