|
Full Disclosure
mailing list archives
Re: Expired certificate
From: bk <chort0 () gmail com>
Date: Fri, 23 Jul 2010 11:29:00 -0700
On Jul 22, 2010, at 10:12 PM, Marsh Ray wrote:
On 07/22/2010 10:40 PM, Dan Kaminsky wrote:
There are fundamental sources of these failures that are not just
"people are stupid". Remember the tales of failed +$100M PKI
deployments around the turn of the millenium?
I can imagine a PKI project failing.
But failing after $100M is spent can be only explained by business
management problems. This is not a space program we're talking about
after all, the PKI technology just isn't that risky.
It's not that it's risky, it's just that the techy people got all carried away with how it should work technically, and
by the time they rolled it out to actual workers they realized that it was a usability disaster. No one is going to
deal with that big of a disruption to how they perform their work on a daily basis. The biggest, grandest schemes
always get torpedoed by the smallest human problems.
So far as I know, the only environment PKI is really widely adopted in is the military, because they get to say "you
WILL use this smartcard, soldier! YOU HAVE A PROBLEM WITH THAT?" Private sector workers can just say "Hah, I'll call
that head-hunter back." Soldiers? Not so much...
Why do you think so much money got spent?
Consultants!
Consultants: The people you call when you just can't admit the requirements were ridiculous, but are willing to burn a
few million more dollars proving it conclusively.
The worst idea I've ever heard is probably this:
http://news.techworld.com/security/3228198/obama-internet-kill-switch-plan-approved-by-us-senate/?olo=rss
Should go without saying. Oops.
--
chort
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
| 
