Am Mittwoch 21 April 2010 08:34:29 schrieb Peter Stuge: > Again, what part of the PC system would be authenticated by the token? > Basically; what purpose does the authentication serve for the token?
for example I would like to put my openssh known_hosts on a smart phone, so it is current with all machines I use. for read access to the desktop: it would be ok for me to publish it to a *well known* desktop without asking me. but to a strange desktop: please don't do that (for privacy reasons). > Or for the PC, for that matter? > > > talk whatever protocol you want over that, for example to request > > some signature from other keys (one that needs the user to enter > > the pin e.g.), push pdf's for signing or whatever. > > Is there a point in pushing a PDF if it can't be verified by the user > on the token? well, if the token is a smart phone, it can display the pdf and show it to me, before I agree to sign it. thats my whole point: smart cards/ usb crypto tokens, even with pinpad readers, have this problem of not being able to display a pdf before I sign it. a simple nice personal, trusted device with a real screen and input system and security system build in could do that on the other hand. wait! I already have something like that, my mobile phone ... so that is my way to think about this. Regards, Andreas _______________________________________________ opensc-devel mailing list [email protected] http://www.opensc-project.org/mailman/listinfo/opensc-devel
