On Thu, 2010-09-02 at 19:00 +0300, Martin Paljak wrote:
> On Sep 2, 2010, at 6:37 PM, Andre Zepezauer wrote:
> > And when this portable breaks, can I use the TPM (with keys on it) in a
> > replacement part?
> 
> The situation is no different if your SD card breaks.
> Or the TPM chip on the motherboard breaks - you do not get your keys, nor is 
> it easily replaceable.
> 
> From a good key management perspective, the MTBF of your portable might be 
> longer than a paranoid re-keying period.
> 
> (People who use crypto are usually a bit paranoid so you should care about 
> re-keying. Companies use crypto if they have assets to protect and money to 
> lose. Unlike people at home, companies usually have procedures and plans for 
> key management, something that home users usually ignore)
> 
> Business continuity, including proper key management and PKI, is hard :)

How can the best "plan for key management" help, if for example a laptop
breaks on an international business trip _and_ the keys were stored on a
TPM?

With keys on a removable device (SD card for example) "business
continuity" would be guaranteed as long as the affected person is able to
get a replacement device.

Martin, have you realised that we haven't discovered a single
disadvantage of SD smart cards so far?

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
