Hey people,
> >Why not digital certificates. They are cheaper I think and work
> >really well. For those who want maximum security, you can always
> >have your certificate stored on a smart card.
>
> Claude, IMHO, using a cryptocard is even more secure, considerably
> more secure, than using a cert (even with your cert stored on a smart
> card).

Crypto-card and digital client certificates can make a marriage as
beautiful as that of Willem-Alexander and Máxima.

Claude's idea is to use digital client certificates which are easily
obtained; for those demanding maximum security, they would use a device
that they consider safe (such as a crypto-card) to generate the keypair
from, and to keep the private key stored on.

The CryptoKi standard defines an API for `things that handle key pairs'
and any self-respecting crypto-card would implement that standard. Your
browser should be able to speak with the card using that protocol.

This combination of card and storage/key-generation device is a very
powerful one. You can generate a client certificate in a way that is
as safe (and expensive) as you like it to be. The client certificate
is the general interface to the system, generating/storing the accompanying
private key securely is your own responsibility.

I think this approach rocks. Anyone with a link to these card/key devices
is welcome to send it to [EMAIL PROTECTED] -- I've been wanting to look
into them for some time now.

References: CryptoKi (pronounced "crypto-key") is defined in PKCS #11,
http://www.rsasecurity.com/rsalabs/pkcs/pkcs-11/

Cheers,
Rick van Rein.