
From: Albert Levi: Saturday, July 01, 2000 10:04 AM
Not only is this argument by analogy, the connections are tenuous. I hold my credit cards and keys physically in my hand. That is much different than having a bunch of random numbers that are too long to remember. Even so, I never carry more than 3-4, of >20, credit cards, nor do I carry all my keys. In fact, I try to reduce the number of each as much as possible, even if this means consolidating combinations/numbers/keys. Granted, this didn't connect with me either, until my users started complaining. In key management, there quickly comes a point where the management itself becomes a security risk.
I'm an empty-nester; my kids don't have access. You may explain it to them, but they will only grudgingly agree. Then only because they don't know any better and you don't give them a choice. You will lose them to the first one that gives them that choice. Users don't want to know the difference between SSL POP Auth and message content encryption. To them, it is all the same. Technically, there is no reason that you can't use the same key for both. Neither do they understand the difference between Webmail and POP email; after all, the content is the same. "Why do I have to have three different certs to read the same email message?" is exactly what they asked me. To be honest, I couldn't answer that satisfactorily, because there was no non-ideological answer. Technically, X.509 would indeed give it to them, PGP won't.
Participants (1): Roeland M.J. Meyer