James A. Donald wrote:
>> we already have the answer, and have had it for a decade: store it on a trusted machine. Just say no to Windows XP. It's easy, especially when he's storing a bearer bond worth a car.
> What machine, attached to a network, using a web browser, and sending and receiving mail, would you trust?
None. But a machine that had one purpose in life: to manage the bearer bond, that could be trusted to a reasonable degree. The trick is to stop thinking of the machine as a general purpose computer and think of it as a platform for one single application. Then secure that machine/OS/stack/application combination.
Oh, and make it small enough to fit in the pocket, put a display *and* a keypad on it, and tell the user not to lose it.
iang
---------------------------------------------------------------------
The Cryptography Mailing List