[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
At 11:53 AM 7/15/96 -0700, Bill Frantz wrote:
>As to Alice and Bob above*, if such delegation is permitted by the
>policies, then Alice generates a delegation certificate for Bob and Bob
>uses it to be "Bob acting for Alice".
My trouble with this comes from an experience I had a while ago.
The president of a company I worked for long ago wanted a PGP key for
correspondence overseas (that being the only way the US gov't would allow).
So, I offered to show him how to generate one. No -- he wanted his
secretary to generate it in his name. Not "Carol acting for David" but
"David". Why? Because he wanted his correspondents to have the warm fuzzy
feeling of knowing they were speaking directly to the boss, not to his
secretary -- even when they were actually speaking to his secretary.
This man fully understood security, I&A, etc. He made a decision on psych
grounds rather than security grounds.