Can I ask a blunt question, please?
Does one's site in current reality need to own and operate BBN
SafeKeyper hardware, or equivalent, to be part of the coming PEM
pilot?
Our local security group thought long and hard yesterday how to deny
our intuitive conclusion that PEM sites MUST have such a secure hardware
base to be part of the PEM pilot/service as only then would the
provisions of RFC 1114 allow the current operators to certify newcomers
and thereby maintain the assurance levels required to derive the
perceived PEM requirements for trusted identities and the consequent
PEM user security services.
We did not succeed. We tried hard to consider the whole trust/belief
solution and all its major network design issues relating assurance to
trust to naming to secure-hardware to certification to ... and after
all this, failed to reconcile both our own understanding of the design
justifications for RFC 1114, and the (perhaps incorrect) RFC 1114
implication recounted above.
So, it's really a question of "Help!" - I need reasons to believe in RFC
1114 operating in your average Internet site without trusted
certificate generator hardware. I know Steve Kent will have designed it
thus, but how?
Peter.