On Wed, 2007-01-31 at 07:02 -0500, Sam Hartman wrote:
> So, the USB flash stores the 160-bit RSA encrypted user identity?
>
> I think that this approach or something like it could be useful. I'm
> not sure I'm happy with your key schedule, or some of the crypto
> details. I'd prefer to think about whether RFC 3961 might provide
> better options. Similarly, I'm not sure what you get out of RSA
> encryption.
>
> An alternative proposal that seems like it would do the same thing
> from a security standpoint would be a way to combine a password key
> with pkinit. You could store a soft certificate on a USB token.

I think developing a cross-platform USB 'thumb drive' based soft token would be an immense benefit. It could make PKINIT real for many small sites that do not yet wish to invest in a token stack, and perhaps more importantly, make PKINIT and smart-card login something that developers and interested technical users can test with resources to hand.

Andrew Bartlett

--
Andrew Bartlett <[EMAIL PROTECTED]>

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos