UP | HOME

Public Kill-me-please-kill-me Infrastructure

In case you hadn't gotten the memo, passwords just aren't secure enough. And I'm not talking about how most people use words like "sex" or "baseball" as passwords. Even if your password is "inFinY+e g4rgicu!ati0n #fun" it's insecure.

I know.

It's like being unplugged from The Matrix.

"If passwords aren't security, what is?"

Well people who actually care about security (protip: that isn't you) have already figured this out. They've perma-solved the security problem through a little trick they call Public Key Infrastructure or "sodomize all third party developers to death" for shorts.

I could go into details about how the certificates are distributed and all that but your head would explode – assuming it hasn't exploded already from the idea that passwords aren't meaningful security.

It shouldn't come as a surprise to anybody that sodomy and PKI appear in the same place quite often. I'm certain that when Microsoft decided to create their Active Directory Certificate Authority service for Windowsr Serverr 2008, the conversation went a little something like this:

Product Manager: Make our server OS into a CA.

Developer: Why should I do this?

Product Manager: Because if you don't, we're going to insert this rose bush into your rectum.

Developer: I guess that's compelling enough – I've always wondered why you carried that plant with you – How should it work?

Product Manager: Well, if it's too easy to configure, people will start to think they don't need to pay to attend any of our tech evangelism seminars so we should add at least a little confusion.

Developer: Already way ahead of you. I've got the setup wizard half-done now.

Product Manager: Does it work like our other installation wizards and never tell you why anything does or does not work?

Developer: …

Product Manager: Sorry. I should know better than to question your skills of obfuscation. Anyway, hurry it up! I can't to use this rose bush on the first customer who complains that nothing works and none of our documentation helps.

So then they added ingenius features like, you can never create an Enterprise CA unless you're joined to the forest root domain. And never bothered documenting it.

Date: 2013-07-10 17:26

Author: Anthony "Ishpeck" Tedjamulia

Org version 7.9.3f with Emacs version 24

Validate XHTML 1.0