On Fri, 2 Feb 2007 [EMAIL PROTECTED] wrote: > That being said I'm certainly no IETF politician.
Good. Neither are the rest of us, for the most part. What we are is engineers trying to produce quality network protocol standards, preferably in non-infinite amounts of time. If you have something to contribute, please do. > Its not sexy, nor fun, like building a > new desktop environment so there is a paucity of Open-Source interest > in the arena. On the contrary, I think you'll find there are plenty of people who consider work at this level fun. I, for one, consider things like a good desktop environment important but have absolutely no desire to actually work on them. It really does take all kinds, or at least more than one kind. > The only organizational challenge is dealing with the user who forgot > their CryptoCard the last time they flew to Europe and now have it > securely duct taped to the back of their laptop, with the pin number > written in magic marker on the duct tape so they don't forget it. Yes; hardware tokens have some of the same challenges as softtokens; they just manifest themselves in slightly different ways. The comment someone made earlier about using a thumbprint scanner in place of a PIN(*) intrigues me, though I'm not yet convinced it's actually feasible, and of course it doesn't apply in the situations where you want a softtoken to avoid special hardware. Just to be clear, I'm not suggesting that there is no place for soft tokens, either of the traditional type which stores a private key or of the sort you propose. I was simply pointing out that these don't work in the same way as hardware tokens or smartcards, or each other for that matter. Each technology has different features, and it's precisely _because_ your proposal doesn't work like a smartcard that makes it interesting in the first place. (*) Note that what he actually proposed was using a thumbprint scanner to produce keying material, but that's not actually workable, because the output from such a scanner does not have enough deterministic bits to produce a strong key. -- Jeff ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos