On Thursday, February 01, 2007 03:06:21 PM -0600 [EMAIL PROTECTED] wrote:

What keeps a user from copying the identity token from the USB
device to a local or shared file system to avoid having to insert
the USB device all the time?

We were considering public flogging but were unsure if we could get it
into an IETF draft.

<wg chair hat on>

Anyone can submit an internet-draft; just write up your proposal according to <http://www.ietf.org/ietf/1id-guidelines.html> and send it off to [EMAIL PROTECTED]

You should then bring up your proposal on the Kerberos Working Group mailing list, [EMAIL PROTECTED]. We're beginning to move into the area of preauthentication and improving the initial authentication exchange, and while I can't guarantee that your proposal will be well-received, it will certainly receive the same consideration as a number of others that have recently been raised.

<wg chair hat off>


Security starts with user training and making it unnecessary for them
to want to do things like that.

In this case, I think that is unrealistic. The thing users want to avoid is "Oh, damn, I have to dig out this stupid USB thing and plug it in before I can use my computer, what a pain." They'll do that by copying the file off, especially after the first few instances of "Oh, damn, I have to dig out this stupid USB thing and plug it in to use my laptop, and I can't because I'm in Europe and the USB thingy is in Pittsburgh".


-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]>
  Sr. Research Systems Programmer
  School of Computer Science - Research Computing Facility
  Carnegie Mellon University - Pittsburgh, PA
