-----BEGIN PGP SIGNED MESSAGE----- >What do you reckon Jay! > i reckon ya'll keep discussing - many interesting ideas percolating up...there are several wants and needs to try and balance out in this area - most of them come down to a "security vs. convenience" continuum/tradeoff. we've been discussing/planning ideas for security upgrades for a while...some of the areas that have been brought up on this list already: 1. anyone that can implant a keyboard sniffer or other virus on your machine *owns* it. it is no longer trusted and you might as well assume the bad guy is watching everything you input and mutating everything that you are seeing. 2. PKI type devices require computational power that - in general require an interface to the users computer to function. e.g. smart card reader. at this point software on the users computer is back in the equation. see bullet 1. 3. shared secret devices with a display (such as the cryptocard) provide a pretty good solution. they are physically divorced from the users computer. but they are relatively expensive - compared to smartcards. they do lack the mathematical non-repudiation of a PKI solution however. (i.e. **shared** secret means more than 1 entity knows the secret :) what i would like to see happen is a user selectable option in this area. higher value account holders and merchants able to choose to use more sophisticated authentication and authorization devices. we have some ideas for an entry level device that will be relatively low cost, relatively easy to use, and relatively highly secure. it won't be here today or tomorrow, but stay tuned... * * * * * * the advice given here should be followed when possible: http://www.counterpane.com/crypto-gram-0105.html#8 * * * * * * jay w. [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.3 iQEVAwUBOwx7nMyM0YPqVE7FAQFzQwgAmKtP/UcASn/kGP8VMMERdIbfvDdUPFx9 chj7VWLEDj8Ns7S7DJUa/egWNQFEL7xOjMU1L5C8KNPiH3w9cVs70pTXA2Yai9ZR NvOG4u2sX9jwDBwYLQOpg9qygGoLkbAtBXdBLMZJftr0HO0u/Kp8HndrY6LekFm2 ux9a+kwgqudFJX610tLlcOpQ4Qq0QE6eugXyUXNNJeRFQh87WzIeZbMfA1p/7+XC q93L2nwoUGRTwI1ZYikuJFOpjeytK2Uehf9ylnTxo0ZRUzqftHfiVhOjOWTGTrbI g49imVpUnwz18SiufnRflKUqvdfSlF0K8zOs8tukDswZpaxF752FEw== =RQxz -----END PGP SIGNATURE----- --- You are currently subscribed to e-gold-list as: archive@jab.org To unsubscribe send a blank email to [EMAIL PROTECTED]
