[722] in cryptography@c2.net mail archive
Re: Full Strength Stronghold 2.0 Released Worldwide
daemon@ATHENA.MIT.EDU (Kent Crispin)
Wed May 7 15:20:00 1997
Date: Tue, 6 May 1997 23:24:10 -0700
From: Kent Crispin <kent@songbird.com>
To: cryptography@c2.net
On Tue, May 06, 1997 at 08:04:29PM -0700, Lucky Green wrote:
> At 09:37 AM 5/6/97 -0400, Adam Shostack wrote:
> >I agree with Sameer here. What is the requirement being served by
> >KR/OKAY in Netscape's system?
> >
> >Adam
> >
> >(I also like Sameer's use of KR/OKAY and KR/GAK to indicate how close
> >they are to each other. Mandated OKAY features can be turned into
> >GAK. Better to let the market decide which KR features are needed,
> >and how to implement them.)
>
> Wrong assumption. It is not which KR features are needed. It is if KR is
> needed. I hold that KR is not needed in the enterprise. Despite what
> business has been told and now nearly universally assumes to be true.
"Needed" is a funny word. Fundamentally, it is irrelevent whether KR
is "needed" in a technical sense. The fact is, there is an undeniable
demand for it.
It is my opinion that the demand is not driven by a false perception
of a technical need, as you suggest. Rather, the demand is driven by
two other things: the nature of management control in business, and
the psychology of key management by people who don't have a personal
stake in remembering their keys. Neither of these are technical
factors. You won't have much luck convincing business people that
they don't understand the psychology of their employees, either.
--
Kent Crispin "No reason to get excited",
kent@songbird.com the thief he kindly spoke...
PGP fingerprint: B1 8B 72 ED 55 21 5E 44 61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html
