Adam Shostack wrote:
It may be, indeed. You're going (as Lynn pointed out in another post)
to be fighting an uphill battle against the last attempts. I don't
think smartcards (per se) are the answer. What you really need is
something like a palm pilot, with screen and input and a reasonably
trustworthy OS, along with (as you say) the appropriate UI investment.
given the recognition of the serial port issues from the earlier, dial-in
online banking ... providing a strong motivation to transfer responsibility
for all such problems to ISPs (under the guise of moving to the internet)
http://www.garlic.com/~lynn/aadsm27.htm#35 The bank fraud blame game
that even the transfer of a little bit of institutional knowledge would
have enabled the avoidance of later smartcard reader deployment disasters
http://www.garlic.com/~lynn/aadsm27.htm#34 The bank fraud blame game
However, following some of the early "yes card" deployments
http://www.garlic.com/~lynn/subintegrity.html#yescard
it appeared to be more of a case where smartcard organizations were
very narrowly focused on purely smartcard issues and ignoring
everything else.
that aspect was highlighted in an early presentation about circumstances
surrounding the "yes card" ... and there was a somewhat
uncontrolled comment from somebody in the audience "do you mean to say
that they managed to spend a billion dollars to prove that chips are
less secure than magstripes".
misc. old posts/threads mentioning the pc/sc serial port issue & smartcard
reader deployment disasters
http://www.garlic.com/~lynn/aadsm23.htm#43 Spring is here - that means Pressed
Flowers
http://www.garlic.com/~lynn/aadsm23.htm#50 Status of SRP
http://www.garlic.com/~lynn/2002m.html#37 Convenient and secure eCommerce using
POWF
http://www.garlic.com/~lynn/2002m.html#39 Convenient and secure eCommerce using
POWF
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
