But authentication works in that scenario because the protocols can allow each user to have as many keys as they need. The key is not shared across devices, the protocols allow for multiple cards per end user
Sent from my iPad On Feb 8, 2012, at 12:06, Stephen Kent <[email protected]> wrote: > At 6:52 PM -0500 2/7/12, Phillip Hallam-Baker wrote: > >> ... >> >> The reason I no longer believe in end-to-end solutions is that the >> endpoint for a public key is always a machine and the desired endpoint >> is a person. > > yes, the machine is the endpoint, but machines are always in the loop for the > sorts of transactions we're discussing, unless we're very restrictive. The > EU-inspired PIN pad + display that shows the user a number representing a > value being authorized by a sig is an exception.) > > So, I don't agree that the distinction between the user and a machine > operated by a user is really significant, in the end. (Yes, I am ware of the > many security problems that arise because the user doesn't really know what > the code is doing, but nothing is perfect.) > >> ... >> >> Any scheme that does not take account of the fact that a user must be >> able to access their account from at lest fifteen different devices, >> some of which will be mobile and possibly lost is useless in the real >> world. The military can tollerate such systems because they will order >> people to use them. > > I agree that credential portability is essential. BTW, the US DoD operates > more like a company with an eye on the bottom line than a monolithic > security-focused organization, as you suggest above :-). > >> S/MIME with a private key shared to fifteen devices no longer looks >> very secure to me. > > Crednetial portability does not necessarily imply a private key kept in SW in > every device. > > Steve _______________________________________________ therightkey mailing list [email protected] https://www.ietf.org/mailman/listinfo/therightkey
