RE: Is there any future for smartcards?

1) GSM/3G handsets are networked card readers that are pretty successful. They are I'd wager about as secure as an ATM or a POS, particularly with respect to social attacks. 2) ISO is currently writing a standard for a secure home card reader. The starting point is FINREAD. See JTC1/SC17/SG4/TF10

Re: Another entry in the internet security hall of shame....

James A. Donald wrote: > For PKI to have all these wonderful benefits, everyone > needs his own certificate. But the masses have not come > to the party, in part because of the rather Orwellian > requirements. Obviously I cannot get a certificate > testifying that I am the one true James Donald,

Re: The cost of online anonymity

From: "R.A. Hettinga" <[EMAIL PROTECTED]> > > Digital evidence expert at the London School of Economics, Peter Sommer > says: "A few years ago I was very much in favour of libertarian computing. > > "What changed my mind wa

Clearing sensitive in-memory data in perl

Does anyone know of an open source crypto package written in perl that is careful to try to clear sensitive data structures before they are released to the garbage collector? Failing that, does anyone know of an example that tries to deal with the particularly bad effect that at least on some

The cost of online anonymity

--- begin forwarded text Date: Sun, 11 Sep 2005 17:02:13 -0400 To: Philodox Clips List <[EMAIL PROTECTED]> From: "R.A. Hettinga" <[EMAIL PROTECTED]> Subject: The cost of online anonymity The BBC Friday, 9 September 2005,

Re: ECC patents?

Alexander Klimov wrote: Hi. ECC is known since 1985 but seems to be absent in popular free software packages, e.g., neither gnupg nor openssl has it (even if the relevant patches were created). It looks like the main reason is some patent uncertainty in this area. An internet research shows tha

Re: Is there any future for smartcards?

On Sun, Sep 11, 2005 at 10:53:34PM +1200, Peter Gutmann wrote: > The problem with this is that in 99.99% of cases the insecure networked > machine *is* the reader, rendering the smart card pretty much pointless. I've Pat Farrel spoke about the infrastructure required for smartcards to have at al

ECC patents?

Hi. ECC is known since 1985 but seems to be absent in popular free software packages, e.g., neither gnupg nor openssl has it (even if the relevant patches were created). It looks like the main reason is some patent uncertainty in this area. An internet research shows that Certicom claims to hold

Re: Is there any future for smartcards?

Eugen Leitl <[EMAIL PROTECTED]> writes: >On Wed, Sep 07, 2005 at 06:08:25PM -0400, Pat Farrell wrote: >> Something tells me that soon is not gonna happen in what I would >> call soon. Smartcards (the smart part) were moderately interesting >> when there was no networking. We've been at ubiquitous n

Re: Is there any future for smartcards?

Pat Farrell <[EMAIL PROTECTED]> writes: >Is there a real problem that they uniquely solve, sufficient to drive the >building of the needed infrastructure? I don't see it, and I'd love to be >made smarter. Smart cards were cool in the 1970s because back then it was almost science- fiction technolo

Re: Another entry in the internet security hall of shame....

-- Peter Gutmann > Long before the discussion on this list, there were > already missionaries coming to the ietf-tls list to > enlighten the heathens who dared to mention PSK and > remind them of their duty to support PKI in all its > infinite perfection, and not to take any false gods > before