On Wed, Nov 11, 2009 at 09:42:21PM -0500, Jerry Leichter wrote:
[...]
> If one organization distributes the dongles, they could accept
> only updates signed by that organization. We have pretty good
> methods for keeping private keys secret at the enterprise level,
> so the risks should be manageable.

But even then, poor planning for things like key size (a la the recent Texas Instruments signing key brute-forcing) is going to be an issue.

--
{ IRL(Jeremy_Stanley); PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657);
SMTP(fu...@yuggoth.org); IRC(fu...@irc.yuggoth.org#ccl); ICQ(114362511);
AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER(fu...@yuggoth.org);
MUD(fu...@katarsis.mudpy.org:6669); WWW(http://fungi.yuggoth.org/); }