In this case, heck, no. The whole point of this thing is that it is
NOT remotely programmable to keep malware out.
Which is perhaps why it is not a good idea to embed an SSL engine in such
a device.
Agreed. A display and signing engine would be quite adequate.
Such a device does however
jo...@iecc.com (John Levine) on Wednesday, November 18, 2009 wrote:
Such a device does however need to be able to suppor multiple mutually
distrusting verifiers, thus the destination public key is managed by
the untrusted PC + browser, only the device signing key is inside
the trust boundary. A