On Jan 7, 2016, at 4:13 PM, Mouse <mouse at Rodents-Montreal.ORG> wrote:
I don't trust the vendor's internal security to keep the key from
leaking and I don't trust the vendor's HR security to prevent
malware authors from making it to the inside, and I *sure* don't
trust the vendor to resist a request from law enforcement [...]
I don't know if it's typical or not, but every company that
I've worked for that has managed crypto-keys has taken key security
*very* seriously.
I find that easy to believe. However:
(1) "[E]very company [you]'ve worked for" is almost certainly a heavily
biased sample; if you have a tenth the clue you appear to, you
would stay away from the dodgier ones.
Probably. ;-)
(2) Taking key security seriously is a very different thing from being
good at key security. (They probably correlate positively, but not
nearly as strongly as one might wish.)
Agree. In the cases I'm aware of they do both. ;-)
TTFN - Guy