A major problem with stuff like KEYPROV and KeyGen2, as well as older schemes like <keygen>, generateCRMFRequest() and CertEnroll, is the absence of a suitable container and compatible middleware for cryptographic keys.

It is true that governments, banks and a fraction of private businesses can afford the hassle and cost associated with regular smart cards, but the fact is that they almost without exception use physical token distribution, making provisioning protocols of pretty marginal interest.

I guess this is already a dead duck, but I don't see why it is impossible to set aside 10M of flash in a (reprogrammed) but HW-wise standard USB memory stick and use that for key storage and execution.

Anders Rundgren