On Aug 14, 2007, at 2:48 AM, Thomas Hardjono wrote:
<snip>
With regards to the thread on multiple TA-Authorities (TAA), this
is why
I was a bit insistent earlier that we focus initially on the
Enterprise
environment (since its easier).
Within the Enterprise there is typically a single TAA (eg. IT admin),
and she/he will be the entity doing the adding/deleting of all Trust
Anchors for all the machines & devices within the Enterprise. (PS. I'm
assuming here that commands to install/delete TAs will be
accompanied by
the appropriate source authentication).
In the Consumer space, TA usage and management may have to be
application-driven. Meaning that if an organization (e.g. Bank,
SalesForce.com, etc) requires its TA to be present at the client
end-point before allowing a transaction, then the home-user will just
have to accept such installation (ie. press "Yes" at the dialog box).
If a Bank's TA is inadvertently deleted (eg. by a user, malware or
another TA), then the Bank will just have to install it again the next
time the user seeks to transact with the Bank.
If a virus or malware succeeds in deleting or modifying TAs at a
consumer machine, well the consumer will simply have to (somehow)
install them back agaian (eg. from backup).
/thomas/
I think what's typical for an Enterprise depends on the application.
If we're talking about browsers, then I think it's perfectly
acceptable to have two TAAs - one from the browser vendor (it
shouldn't be my employer's task to tell me that Verisign has a new
root CA certificate - that's Microsoft's job) and the other being the
corporate IT department. That's why I think each TAA should be able
to manage its own (and only its own) trust anchors.
In your consumer space example, I again don't think SalesForce.com
should be able to delete bankofamerica.com's trust anchor. Perhaps
there should be exception, such as if Microsoft learns that the
bankofamerica.com TA really belongs to a phishing company, but I
think each TAA should manage its own as a general rule, and this
should be enforced.
