>Perhaps I used the wrong choice of words. Symmetric keys can't scale to >2 billion users. Assymetric keys are necessary. I don't mean that a >fully integrated PKI is necessary. But some infrastucture may be >needed if one is going to trust a strange system.
Although desirable, such requirements can be prohibitive due to costs. Also there is a problem with "trust" because trust and authenticated are not equivalent. If I signed this mail I could be PKI-wise be properly authenticated but that does not help you much as you don't know me and I live a long way from you. This automatic trust of things or people that you never had any previous contact with is a "wet dream" that PKI promoters have pushed in vain. Things don't work this way. Of course you could subscribe to a TTP service that does this for you but how much are we prepared to pay for that? >If I approach a vending machine, an ATM, or a network access point, >how can I be assured it's legitimate? This is a good example. To release money from an account in an on-line world the user (account owner) should be strongly authenticated. For this PKI works fine as the bank probably have issued the certificate as well. So how do I know that this is a proper ATM? This is how I see this operation could be performed: Bad way: Having the user / card / device recognize the authenticity of ATM. Using PKI that would require the root(s) of ATM PKIs be carried around. Will not happen. Ever. Better way: Let the financial trust network handle ATM-to-bank authentication. This is probably how it is done today. An ATM that is withholding money is like a merchant that only sends you one item despite the fact you ordered three. I don't see that cryptopraphy has much to offer here. ============================================= Therefore I believe card to reader authentication is a generally bad idea that only works for a very limited set of operations. ============================================= Using NFC and mobile devices I can at least eliminate PIN-code theft and "innovative background processing" that discrete smart cards are highly vulnerable to. _______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.drizzle.com/mailman/listinfo/muscle
