On Monday 19 April 2010 21:05:12, Anders Rundgren wrote:
> The alternative, using an ever increasing number of userid/passwords
> pairs does not seem like the best idea either. So it is one lousy
> idea against another lousy idea? May the lousiest idea win :-)

here is mine: use smart phones. we can write programs and even change the
operating system, so that makes development easy. they have all kinds of
communication mechanisms, so we can choose whatever we want (e.g. usb,
bluetooth, wlan). they aren't as restricted as cards, so development is easy.

I would like to see:
* proximity detection -> lock your screen if you leave your desk.
* secure logon: if I need to enter a pin, I do that on the mobile,
  not on the pc I want to access.
* better signing: ship the pdf to the phone, display it, sign it there,
  send it back.
* central configuration: let's store ssh known_hosts, ssl root ca list,
  and settings like allowed/forbidden ciphers all in one central place,
  and not again and again for each application.

sure, some smart phones are as insecure as pcs: there is one user, and
all apps run as that user, and they have all rights the user has. thus
such phones are more insecure than pcs (no antivirus, firewall, tools
to manage security, ...). but at least android has a nice design: sandboxes
for all applications with a detailed security model (still not very good:
like vista users, everyone accepts everything some app will ask for).

so what would good communication pc <-> phone look like?
use usb, bluetooth or wlan? wlan isn't good enough for proximity,
usb would be best. but I have no clue how to write a new usb protocol.
some "ssl over usb" would be nice to authenticate device <-> pc and
allow other protocols on top of that.

but my lousy idea is for authentication on desktops and signing only.
what to do about public transportation smart cards and security
cards for access (doors etc.)? no idea.

Regards, Andreas
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel