\subsection{Physical and Network Security}

Ultimately, the security of any system is only as good as the least secure
component of that system.  This applies to the smart card system as well as
any other.  With all the attention which is being placed on encryption methods
and protocols, it is easy to overlook the basic issues of physical and network
security.  Unless all of the involved machines, key-servers and servers alike,
are safe from physical and network prying, the system is not secure.  Anyone
with physical or network access to the machine can gain access to any data he
desires, possibly changing it.  

Fortunately, denying physical access to something is an old problem with many
solutions.  Most of these solutions involve good old-fashioned lock and key.
Unfortunately, denying network access is a much newer and much more subtle
problem.  The methods of attack are very diverse.  Usually, by making a
machine as closed as possible to anything but the most essential of network
traffic, one can achieve a secure workstation.  As an example, the Kerberos
server for MIT has never been broken into. [ref jis]

It is likely that the key servers would be maintained by several professional
system administrators, and that they would be secure.  The weak link is the
many servers which may be maintained by other individuals who lack familiarity
with the issues involved in network security.  The best solution is to have
the servers jointly maintained by the service providers and by the maintainers
of the key servers.