Am Dienstag 20 April 2010 20:48:07 schrieb Douglas E. Engert:
> Andreas Jellinghaus wrote:
> > Am Dienstag 20 April 2010 07:18:41 schrieb Anders Rundgren:
> >>> The idea is to make it. It should be really straightforward, and
> >>> useful if the token you want to design is centered around PKCS#11
> >>> operations.
> >>
> >> Then we are *exactly* on the same page, we need NEW tokens!
> >
> > why does it have to be a token? why not a modification for the software
> > of my smart phone?
> 
> Because your smart phone is becoming your PC, with too many applications
> and complicated OSes that introduce additional security risks?

with iphone or windows mobile: I would agree. if they have a sophisticated
security concept to make the system different from normal PC operating 
systems, that would be new to me.

but android looks quite nice, with each application sandboxed and strikt
rules for communication. sure: not perfect, but a nice first step in the
right direction from my point of view.

also what good is there, if my pc is hacked, then why use a smart card?
a hacker could manipulate the pdf I want to sign, so it shows "10$"
while the one I sign with the card would be "10.000$"...

sure with smart cards you can maybe steal a signature, but not the key
itself. but admitting, that pc + smart card is better than pc + password,
but not perfect, is a good first step in allowing other solutions too:
they don't have to be perfect either.

so my "smart phone" idea is my silly ideas to this discussion about 
alternative concepts. no need for everyone to jump on this wagon.
but maybe we can discuss everyone else "silly idea" too, and see
what architectures could help several people?

Regards, Andreas
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Reply via email to