Andreas Jellinghaus wrote: > Am Montag 19 April 2010 21:05:12 schrieb Anders Rundgren: >> The alternative, using an ever increasing number of userid/passwords >> pairs does not seem like the best idea either. So it is one lousy >> idea against another lousy idea? May the lousiest idea win :-)
> here is mine: use smart phones. This is how actually I got started. It is a very useful idea. http://keycenter.webpki.org the only reason for caring about smart cards is to reach the critical mass for the provisioning stuff. So far the industry haven't succeeded in creating/establishing anything in this space so it is up to grabbers. /Anders > > we can write programs and even change the operating system, so that > makes development easy. > > they have all kinds of communication mechanism, so we can choose whatever > we want (e.g. usb, bluetooth, wlan). > > they aren't as restricted as cards, so development is easy. > > I would like to see: > * proximity detection -> lock your screen if you leave your desk. > * secure logon: if I need to enter a pin, I do that on the mobile, > not on the pc I want to access. > * better signing: ship the pdf to the phone, display it, sign it > there, send it back. > * central configuration: lets store ssh known_hosts, ssl root ca > list, and settings like allowed/forbidden ciphers all in one > central place, and not again and again for each application. > > sure, some smart phones are as insecure as pc's: there is one > user, and all apps run as that user, and they have all rights > the user has. thus such phones are more insecure than pcs > (no anti virus, firewall, tools to manage security, ...). > > but at least android has a nice design: sandboxes for all > applications with a detailed security model (still not very > good, like vista users everyone accepts everything some app > will ask for). > > so how would a good communication pc <-> phone look like? > use usb, bluetooth or wlan? wlan isn't good enough for > proximity, usb would be best. but I have no clue how to > write a new usb protocol. some "ssl over usb" would be nice > to authenticate device <-> pc and allow other protocols on > top of that. > > but my lousy idea is for authentication on desktops and signing > only. what to do about public transportation smart cards and > security cards for access (doors etc.)? no idea. > > Regards, Andreas > _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
