[funsec] National Strategy for Trusted Identities in Cyberspace
dparis at w3works.com
Mon Jun 28 06:23:22 CDT 2010
On 6/28/2010 2:42 AM, Rich Kulawiec wrote:
> On Sat, Jun 26, 2010 at 09:25:11PM -0400, Valdis.Kletnieks at vt.edu wrote:
>> a) How do you protect it? Both "private key stored on the computer" and
>> "password sent to the certifying system" aren't very secure if the user's
>> computer is one of the 150 million compromised systems. Other systems, like
>> smart cards, assume that standardized smart card readers are ubiquitous...
> Exactly. It continues to simultaneously amaze and disappoint me that
> so many supposed "experts" are blissfully unaware of the current state
> of the 'net and have absolutely no idea that their latest Big Idea was
> already completely defeated years before they came up with it.
It's not so much a case of the state being "aren't very secure", as much
as it is a case of being 100% *non-trustable*. If you can't trust the
source in the first place, everything stemming from it is inherently
As to Rich's comment ...why be good & effective when you can be sloppy &
irrelevant and still have people throw money at you? :( I stopped
being amazed or disappointed when I accepted the fact that men with
money will always throw more money at a stupid idea they know little
about when there's the potential to make more money off far more people
who know as little or less than they do. ...which pretty much
encompasses the entirety of Wall St.
More information about the funsec