[145091] in cryptography@c2.net mail archive

Re: Crypto dongles to secure online transactions

daemon@ATHENA.MIT.EDU (Bill Frantz)
Wed Nov 18 17:42:09 2009

Date: Wed, 18 Nov 2009 09:22:01 -0800
From: Bill Frantz <frantz@pwpconsult.com>
To: cryptography@metzdowd.com
In-Reply-To: <20091118014028.50714.qmail@simone.iecc.com>

johnl@iecc.com (John Levine) on Wednesday, November 18, 2009 wrote:

>>Such a device does however need to be able to support multiple mutually
>>distrusting verifiers, thus the destination public key is managed by
>>the untrusted PC + browser, only the device signing key is inside
>>the trust boundary. A user should be able to enroll the same device
>>with another "bank", ...
>
>If you really need the ability to do that, I'd think it would be
>better to make an expandable version into which you could plug each
>bank's chip+pin cards, not try to invent a super-protocol for
>downloading a bank's preferred keys.

Perhaps I'm missing something, but my multiple banks will all accept my
signature when made with the same pen. Why wouldn't they accept my
signature when made with the same, well protected, signing/user verifying
device? I might have to take it to the bank to give them its public key in
person, but that seems a minor inconvenience.

This kind of device sounds like a fine device for a banking industry
committee to specify.

Cheers - Bill

-------------------------------------------------------------------------
Bill Frantz        | Airline peanut bag: "Produced  | Periwinkle
(408)356-8506      | in a facility that processes   | 16345 Englewood Ave
www.pwpconsult.com | peanuts and other nuts." - Duh | Los Gatos, CA 95032

---------------------------------------------------------------------
The Cryptography Mailing List