Re: [Muscle] Certificate generation
From: Tommaso Cucinotta (cucinotta sssup.it)
Date: Thu May 12 2005 - 12:31:20 CDT
David Corcoran wrote:
> Hi,
>
> The method described there generates the keypair in your browser and
> sends the certificate off to the CA to be signed. This is then
> encrypted into a file (PKCS#12) that you can backup. You then can
> import this PKCS#12 file (by providing the encryption password) onto
> the token. So the security of this method is really based upon how
> secure your desktop is ....

Security of *any* method is somewhat based on the security of the
terminal on which you're operating while you generate your keypair.
This becomes absolutely true with MuscleCard, as a feature that has
been missing for too long is distinguishing between a key that
has been imported from the outside and one that has been generated
on the card; thus you would never know if your terminal
transmitted a copy of your key to anyone else..... the terminal
is *supposed* to be trusted when you format a card :-)

Even if we add such a feature, you could hardly tell if your
terminal just replaced the MuscleCard Applet with a different one
that claims your keys are NEVER_EXPORTABLE/EXTRACTABLE whereas they
were imported from the outside. Again, the trusted terminal is
an assumption in the process.

Bye,
Tommaso.
_______________________________________________
Muscle mailing list
Muscle
lists.musclecard.com
http://lists.drizzle.com/mailman/listinfo/muscle