Hi Anders,

> NFC is a *consumer* oriented solution. Such solutions by definition
> do not even try to solve all problems you describe.

And this limits the usefulness. Authentication is essential core technology. If authentication is vulnerable to a MITM attack, then won't an e-Purse application likewise be vulnerable?

> That the device
> would authenticate to the reader is out of scope in that realm. You
> should rather compare this to WLAN connections.

Security is based on the sum of the pieces. If any part of the chain can be compromised, it is dangerous to be used for any sort of financial transaction.

> There are no shared secrets as that does not scale to a 2 billion user
> level (2008).

Yes. Which is why PKI is important to authenticate the reader as well as the card. Or if it's not used between the reader and the NFC device, the device has to ensure that data traveling THROUGH the reader is secure.

>
> From a security point of view it is though worth mentioning that
> - PIN codes stay in the device
> - Security operations are never performed without informing/questioning the user
>
> ===========================================
> This is something existing smart card systems fail to achieve.
> ===========================================

Which is why NFC is interesting.

> And again: human-related problems are much bigger and no crypto
> in the world will ever solve it.
>
> Anders

Sure. But unless there is a secure infrastructure, and open review of the technology, consumer deployment of NFC will be limited. The same holds true for existing smartcard products, by the way, as well as Bluetooth and ZigBee.

_______________________________________________
Muscle mailing list
http://lists.drizzle.com/mailman/listinfo/muscle
