Since WGLC is approaching, for those who see a
possible continuation of KEYPROV, the following may be of some interest.
After realizing that USB memory sticks could be
retrofitted as multi-use smart cards by using ECC keys, I have started a
major upgrade of KeyGen2 to make it compatible with such devices as
well.
Aren't real smart cards better? From a
tamper-resistance point-of-view [currently] yes, but from a provisioning
point of view smart cards have a long way to go. From the SKS
paper:
"even if you buy a $100 card; it still doesn't enable an on-line issuer
to verify that keys were actually created in the card!"
"Air-tight provisioning",
the basics:
If you take a look at "Dual-use Device IDs", you will find a novel
(?) use of device certificates.
"Air-tight provisioning", core facility:
http://webpki.org/papers/keygen2/session-key-establishment--security-element-2-server.pdf

Anders Rundgren