Rethinking stored document encryption: Part 3
Having set out our objectives, and in particular our non-objectives, it is finally time to start thinking about the technology, and in particular the use cases we are going to meet.
Less is more, and not just because certain parties have attempted to create a thicket of IPR covering all and every application of DRM. The fact is that complexity only rarely provides functionality. If a feature is too complex for the typical user to use, it might as well be avoided.
Traditional security use case analysis has tended to revolve around attacks. That is important of course, but it tends to drive us towards a mode of thinking where the user is primarily focused on thwarting the attack rather than on their actual job.
The use cases then should be simple:
- Alice creates a confidential file
- Alice wishes to share her confidential file with Bob
- Alice wishes to share her confidential file with Carol who works for a different company
- Alice wishes to share her confidential file with anyone authorized to do so under an enterprise specified security policy
- Alice has a large number of confidential files to manage and wishes to define a security policy of her own
- Alice loses her access credentials and wishes to regain access to all her confidential files
What is striking about these particular use cases is that practically all of them fall within the existing scope of S/MIME if we make one simple change: apply S/MIME to disk storage rather than email transport. More on that tomorrow.
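To make the "S/MIME on disk" idea concrete, here is an added illustration that is not part of the original post: a stored file sealed in the same shape as an S/MIME EnvelopedData object. The file is encrypted once under a random content-encryption key, and that key is then wrapped separately for each recipient, so sharing with Bob, Carol at another company, or a later-added party means adding a wrapped key rather than re-encrypting the document. The escrow recipient named `enterprise-recovery` is my own assumption about how the lost-credentials use case could be met; the post itself does not specify a mechanism. The code uses the `cryptography` library's primitives and builds a simplified in-memory structure, not a real DER-encoded CMS message.

```python
"""Added example: an EnvelopedData-style envelope applied to a stored file.

One content-encryption key (CEK) protects the file; the CEK is wrapped
once per recipient with RSA-OAEP. This mirrors the structure of S/MIME
EnvelopedData but is a simplified stand-in, not a CMS encoder.
"""
import os
from dataclasses import dataclass, field

from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

# Same OAEP parameters for every wrap/unwrap operation.
_OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                     algorithm=hashes.SHA256(), label=None)


@dataclass
class Envelope:
    nonce: bytes                      # AES-GCM nonce for the content
    ciphertext: bytes                 # AES-GCM output with tag appended
    recipients: dict = field(default_factory=dict)   # name -> wrapped CEK


def make_recipient(name):
    """Constructed demo key pair for one party (no real PKI here)."""
    return name, rsa.generate_private_key(public_exponent=65537, key_size=2048)


def seal(plaintext, recipients):
    """Encrypt the file once and wrap the CEK for each (name, public_key)."""
    cek = AESGCM.generate_key(bit_length=256)
    nonce = os.urandom(12)
    env = Envelope(nonce=nonce,
                   ciphertext=AESGCM(cek).encrypt(nonce, plaintext, None))
    for name, pub in recipients:
        env.recipients[name] = pub.encrypt(cek, _OAEP)
    return env


def add_recipient(env, name, new_pub, unlocking_name, unlocking_priv):
    """Share an already-sealed file with one more party without touching
    the content: an existing recipient unwraps the CEK and re-wraps it."""
    cek = unlocking_priv.decrypt(env.recipients[unlocking_name], _OAEP)
    env.recipients[name] = new_pub.encrypt(cek, _OAEP)


def open_envelope(env, name, priv):
    """Decrypt as `name`; KeyError if that party was never a recipient."""
    cek = priv.decrypt(env.recipients[name], _OAEP)
    return AESGCM(cek).decrypt(env.nonce, env.ciphertext, None)


def demo():
    """Walk through the post's use cases and report who can read the file."""
    alice, alice_key = make_recipient("alice")
    bob, bob_key = make_recipient("bob")
    carol, carol_key = make_recipient("carol")            # other company
    # Assumption: an enterprise escrow key covers the lost-credentials case.
    recovery, recovery_key = make_recipient("enterprise-recovery")

    doc = b"Q3 forecast: confidential"                    # constructed sample file
    env = seal(doc, [(alice, alice_key.public_key()),
                     (bob, bob_key.public_key()),
                     (recovery, recovery_key.public_key())])
    # Alice later shares with Carol: one new wrapped key, same ciphertext.
    add_recipient(env, carol, carol_key.public_key(), alice, alice_key)

    results = {n: open_envelope(env, n, k) for n, k in
               [(alice, alice_key), (bob, bob_key),
                (carol, carol_key), (recovery, recovery_key)]}
    try:  # someone never listed as a recipient has no wrapped CEK to unwrap
        open_envelope(env, "outsider", make_recipient("outsider")[1])
        results["outsider"] = "decrypted"
    except KeyError:
        results["outsider"] = "refused"
    return results


if __name__ == "__main__":
    for who, outcome in demo().items():
        print(f"{who:20} {outcome}")
```

The point the structure makes is that every listed use case is a change to the recipient list, never to the stored ciphertext: adding Bob, Carol or a policy-controlled key is one more wrapped CEK, and recovery after lost credentials is just another recipient that the enterprise, rather than Alice, controls.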