Sam, I understand your objection to the solution depending on smart cards, but I think it still MUST support some form of external authentication component - not just X.509-based smart cards. For one, a substantial threat is the computer itself. If it is compromised, one way to prevent access to services is by requiring such an external authentication. These cards also provide a trusted UI and should be listed as a possibility in your next section.
Furthermore, in section 4.5, (1) simply having X.509 server certificates is not sufficient defense due to iDNS (homoglyphic?) attacks and the like. I think there is no perfect way to accomplish 4.5. Section 4.6 assumes that there is a third party identity provider. This needn't be the case, but if it is, it is sufficient to have a name, a nonce, and a public/private key pair, is it not?

Eliot

_______________________________________________
dix mailing list
[email protected]
https://www1.ietf.org/mailman/listinfo/dix
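The "name, nonce, and public/private key pair" exchange that the message above sketches for section 4.6, written out as an added example (not Eliot's code and not part of the dix list archive). It assumes there is no third-party identity provider: the relying party itself keeps a registry mapping each name to a public key, issues a single-use random nonce as the challenge, and accepts the login only if the response is a valid signature over both the name and that nonce. Ed25519 is an assumed choice of key pair; the function and type names are hypothetical. The nonce is consumed on first use so that a captured response cannot be replayed, and the name is length-prefixed into the signed transcript so a signature for one name cannot be presented for another.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// RelyingParty verifies logins without any third-party identity provider:
// it holds name -> public key registrations and the nonces it has issued.
type RelyingParty struct {
	users   map[string]ed25519.PublicKey
	pending map[string][]byte // name -> outstanding (not yet consumed) nonce
}

func NewRelyingParty() *RelyingParty {
	return &RelyingParty{
		users:   map[string]ed25519.PublicKey{},
		pending: map[string][]byte{},
	}
}

// NewUserKey generates the user's public/private key pair (assumed Ed25519).
func NewUserKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// Register binds a name to a public key; this is the whole "identity" record.
func (rp *RelyingParty) Register(name string, pub ed25519.PublicKey) {
	rp.users[name] = pub
}

// Challenge issues a fresh 32-byte random nonce for name. Issuing a new
// challenge replaces any earlier unconsumed nonce for that name.
func (rp *RelyingParty) Challenge(name string) ([]byte, error) {
	if _, ok := rp.users[name]; !ok {
		return nil, errors.New("unknown name")
	}
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	rp.pending[name] = nonce
	return nonce, nil
}

// transcript is the exact byte string that gets signed: a 2-byte big-endian
// length prefix, the name, then the nonce. The prefix makes the encoding
// unambiguous, so a signature cannot be reinterpreted for a different name.
func transcript(name string, nonce []byte) []byte {
	buf := make([]byte, 0, 2+len(name)+len(nonce))
	buf = append(buf, byte(len(name)>>8), byte(len(name)))
	buf = append(buf, name...)
	buf = append(buf, nonce...)
	return buf
}

// Respond is the user side: sign the transcript with the private key.
func Respond(priv ed25519.PrivateKey, name string, nonce []byte) []byte {
	return ed25519.Sign(priv, transcript(name, nonce))
}

// Verify checks that nonce is the one outstanding for name, consumes it
// (single use, whether or not the signature turns out valid), and then
// checks the signature against the registered public key.
func (rp *RelyingParty) Verify(name string, nonce, sig []byte) bool {
	pub, ok := rp.users[name]
	if !ok {
		return false
	}
	expected, ok := rp.pending[name]
	if !ok || !bytes.Equal(expected, nonce) {
		return false
	}
	delete(rp.pending, name) // a replayed response now fails here
	return ed25519.Verify(pub, transcript(name, nonce), sig)
}

func main() {
	pub, priv, err := NewUserKey()
	if err != nil {
		panic(err)
	}
	rp := NewRelyingParty()
	rp.Register("alice", pub) // constructed sample user
	nonce, _ := rp.Challenge("alice")
	sig := Respond(priv, "alice", nonce)
	fmt.Println("first response accepted:", rp.Verify("alice", nonce, sig))
	fmt.Println("replay accepted:        ", rp.Verify("alice", nonce, sig))
}
```

The relying party learns nothing about the user beyond the name and the public key, which is the point of the message's question: with a nonce to guarantee freshness and a signature to prove possession of the private key, no identity provider needs to be in the loop. What this does not cover is the section 4.5 problem raised in the same message: the user still has to be sure which relying party is issuing the challenge, and nothing in this exchange protects against a look-alike domain presenting its own challenge.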
