TPMs will become the likely replacement for smart cards when generally available in mobile phones. The silicon cost is extremely low. Together with NFC and similar low-range RF technologies you get a very simple cable/reader/card emulator with the advantage that you run the security GUI in a trusted environment.
I do not see such a scheme as a virtual PKCS #11 or CryptoAPI interface; it will hopefully work at a much higher level. This will though require considerable changes in FF for example. A thing that is missing is standards for key provisioning that are generally supported. It appears that neither Xenroll, KeyGen nor generateCRMFrequest has what it takes.

Anders

----- Original Message -----
From: "Peter Djalaliev" <[EMAIL PROTECTED]>
Newsgroups: mozilla.dev.tech.crypto
To: <dev-tech-crypto@lists.mozilla.org>
Sent: Monday, August 27, 2007 07:56
Subject: Re: On use of authenticated cryptography

Apart from that, I completely approve of TPMs being implemented as PKCS#11 modules. This TPM-enabled feature will probably reach the mass users; it offers a clear advantage over storing private keys on a disk.

One problem with smart cards is that users may not understand them. It is a piece of hardware that they need to use properly in order to preserve security. As we see from previous messages in this discussion thread (blindly accepting self-signed certificates), users do not properly execute security-sensitive actions.

Regards,
Peter Djalaliev

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto