On Thursday, February 01, 2007 03:06:21 PM -0600 [EMAIL PROTECTED] wrote:
>> What keeps a user from copying the identity token from the USB
>> device to a local or shared file system to avoid having to insert
>> the USB device all the time?
>
> We were considering public flogging but were unsure if we could get it
> into an IETF draft.

<wg chair hat on>
Anyone can submit an internet-draft; just write up your proposal according
to <http://www.ietf.org/ietf/1id-guidelines.html> and send it off to
[EMAIL PROTECTED]  You should then bring up your proposal on the Kerberos
Working Group mailing list, [EMAIL PROTECTED]

We're beginning to move into the area of preauthentication and improving
the initial authentication exchange, and while I can't guarantee that your
proposal will be well-received, it will certainly receive the same
consideration as a number of others that have recently been raised.
<wg chair hat off>

> Security starts with user training and making it unnecessary for them
> to want to do things like that.

In this case, I think that is unrealistic. The thing users want to avoid
is "Oh, damn, I have to dig out this stupid USB thing and plug it in before
I can use my computer, what a pain." They'll do that by copying the file
off, especially after the first few instances of "Oh, damn, I have to dig
out this stupid USB thing and plug it in to use my laptop, and I can't
because I'm in Europe and the USB thingy is in Pittsburgh".

-- Jeffrey T. Hutzelman (N3NHS) <[EMAIL PROTECTED]>
   Sr. Research Systems Programmer
   School of Computer Science - Research Computing Facility
   Carnegie Mellon University - Pittsburgh, PA

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos