On Tue, Dec 20, 2016 at 04:24:37PM -0500, Jean-Philippe Ouellet wrote:
> On Tue, Dec 20, 2016 at 10:22 AM, wrote:
> > it wouldn't require external services like TOTP and other variations.
> The reason TOTP isn't
On Tue, Dec 20, 2016 at 4:09 PM, Jean-Philippe Ouellet wrote:
> It does now somehow detect that your computer has been evil-maided, nor
> prevent it from being so.
"does now" should be "does not"
It's been a rough day >_>
On Tue, Dec 20, 2016 at 4:00 PM, Jean-Philippe Ouellet wrote:
> Unless you can come up with some cryptographically-sound way to
> integrate the information provided by a 2nd factor as a hard
> requirement to complete the secrets-unsealing-at-boot process, then
> the evil-maided
If I understand correctly, it would be completely useless.
The point of AEM is ultimately to somehow authenticate the computer to
the user, rather than the more common direction of authenticating the
identity of a user to the computer (which IIUC is all that U2F can
provide, where in the U2F case