[145089] in cryptography@c2.net mail archive


Re: Crypto dongles to secure online transactions

daemon@ATHENA.MIT.EDU (John Levine)
Wed Nov 18 11:26:42 2009

Date: 18 Nov 2009 01:40:28 -0000
From: John Levine <johnl@iecc.com>
To: cryptography@metzdowd.com
In-Reply-To: <20091117191413.GY24774@np305c2n2.ms.com>
Cc: Victor.Duchovni@morganstanley.com

>> In this case, heck, no.  The whole point of this thing is that it is
>> NOT remotely programmable to keep malware out.
>
>Which is perhaps why it is not a good idea to embed an SSL engine in such
>a device.

Agreed.  A display and signing engine would be quite adequate.

>Such a device does however need to be able to support multiple mutually
>distrusting verifiers, thus the destination public key is managed by
>the untrusted PC + browser, only the device signing key is inside
>the trust boundary. A user should be able to enroll the same device
>with another "bank", ...

If you really need the ability to do that, I'd think it would be
better to make an expandable version into which you could plug each
bank's chip+pin cards, not try to invent a super-protocol for
downloading a bank's preferred keys.

R's,
John

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
