[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: epiphany

To: frantz@netcom.com (Bill Frantz)
Subject: Re: epiphany
From: Carl Ellison <cme@cybercash.com>
Date: Mon, 15 Jul 1996 15:24:04 -0400
Cc: spki@c2.org
Sender: owner-spki@c2.org

At 11:53 AM 7/15/96 -0700, Bill Frantz wrote:
>As to Alice and Bob above*, if such delegation is permitted by the
>policies, then Alice generates a delegation certificate for Bob and Bob
>uses it to be "Bob acting for Alice". 

My trouble with this comes from an experience I had a while ago.

The president of a company I worked for long ago wanted a PGP key for
correspondence overseas (that being the only way the US gov't would allow).
So, I offered to show him how to generate one.  No -- he wanted his
secretary to generate it in his name.  Not "Carol acting for David" but
"David".  Why?  Because he wanted his correspondents to have the warm fuzzy
feeling of knowing they were speaking directly to the boss, not to his
secretary -- even when they were actually speaking to his secretary.

This man fully understood security, I&A, etc.  He made a decision on psych
grounds rather than security grounds.

 - Carl

Prev by Date: Re: epiphany
Next by Date: certificate chains
Prev by thread: Re: epiphany
Next by thread: Re: epiphany
Index(es):
- Main
- Thread