Why Do I Have All These Keys?
Sunday, October 26 2008

I’m unhappy with the state of my pants.

Now, before you get too far into the “um… lose some weight then” comments (thanks for that, though :-) ), let me explain. I’m unhappy that I need to carry around so many keys. It’s gotten fairly ridiculous; I won’t post a picture of my keyring here, because people could copy my keys, but I need four keys for my apartment building, a key to CS grad student stuff, a car key, a couple of keys to other people’s things, a USB key that holds encryption keys, a one-time-password token (for VeriSign VIP), and a card wallet that holds two other pseudo-electronic keys: my Hopkins ID, and my Peabody Conservatory ID. All keys. The total weight is something like three pounds– a lot in a pants pocket.

This is insane. First off, of course, Hopkins owns Peabody, so there’s no earthly reason that we should use different ID cards– but every division of Hopkins does, so this isn’t a new problem. Even setting that aside, though, why should I need to carry tokens in addition to one magnetic-readable card to access Hopkins resources, like the CS department?

Well, as usual, there’s a political problem here too: Hopkins believes that its security is so important that nearly no one should have access to the card verification network. Hence, to tie into it, Hopkins charges departments $5000 to install a card reader. (Which costs $5. Seriously.) Therefore, departments (which aren’t made of money, really) either have to roll their own card reader system (as my department did for the undergraduate lab), or issue keys to a whole lot of students (as they did for the graduate and Ph.D labs).

In addition to these, I have OTP and encryption tokens, which aren’t necessary. Why not?

Well, here’s the deal. I carry around a very powerful, very compact device that has a full processor and OS in it. It’s called an iPhone. The iPhone has bluetooth and WiFi connectivity to broadcast its presence to everyone else. Why can’t this do everything I need? Why can’t it let me into doors, serve as an OTP token, hold my encryption keys (heck– it could perform the encryptions locally, on demand from my computer), and all the rest?

There are too many crappy bits of metal I have to keep track of, for no reason other than politics (JHU Security, mostly, though GPG having no iPhone implementation, when it runs on every other system up to and including a toaster oven, is also most likely a political mess– and with real encryption locally, it could serve as a smart card, and thus be able to be used as a physical security token). And now with Android being in a real device, one can even have a more “open” smart platform. So what gives?

For now, however, I’ll just resign myself to breaking my wrist off to open my mailbox. What a mess.

blog comments powered by Disqus

Some rights reserved, but not all of them, as that's rude. Design courtesy of, well, me.