Re: Wishlist for next-gen card

2015-03-12 Thread Joey Castillo
On 20/02/15 09:32, NdK wrote: 1 - support for more keys (expired ENC keys, multiple signature keys) At the very least, adding expired ENC keys to the card spec is a really great suggestion. I'm trying to pitch people on using smart cards to secure their email, and one common question I get

Re: Wishlist for next-gen card

2015-03-02 Thread NdK
On 01/03/2015 21:54, Peter Lebbing wrote: No, I'm talking about that as well. And I don't think the fingerprint of the host is part of the signed data or the signature. Why do you think the fingerprint of the host is part of that? Because I didn't remember well the SSH protocol... By

Re: Wishlist for next-gen card

2015-03-01 Thread Peter Lebbing
On 01/03/15 17:43, NdK wrote: while I was talking of remote user auth (so using openpgp card instead of ~/.ssh/id_* keys -- something that's already doable). No, I'm talking about that as well. And I don't think the fingerprint of the host is part of the signed data or the signature. Why do you

Re: Wishlist for next-gen card

2015-02-27 Thread Peter Lebbing
On 21/02/15 19:54, NdK wrote: 4 - HOTP PINs for signature/certification keys What generates the HOTP then? Do you type a PIN on the HOTP device to get the HOTP? No need. Just an applet on the phone could do. At least if you aren't using the same phone to do the crypto. I don't understand

Re: Wishlist for next-gen card

2015-02-27 Thread NdK
On 27/02/2015 19:43, Peter Lebbing wrote: I don't understand the practical difference between HOTP and the button to confirm an action. That the HOTP doesn't need HW support so it can be implemented in standard smartcards. If that info is embedded in the signature packet, it could add

Re: Wishlist for next-gen card

2015-02-27 Thread Peter Lebbing
On 27/02/15 21:59, NdK wrote: For auth it should be the hash of the host's pub key, the same SSH shows you the first time you connect to that host. I think you're confusing /host/ authentication and /user/ authentication. I was talking about using the auth key on your OpenPGP card to do user

Re: Wishlist for next-gen card

2015-02-22 Thread NdK
On 22/02/2015 01:46, Yuji -UG- Imai wrote: For token type card, how about appending one more usb port to connect keyboard? It's just for inputting PIN/passphrase or out-of-bound auth by hitting the Enter key. USB ten keys like V7 KP0N1-7N0P Numeric keypad looks suitable for this purpose.

Wishlist for next-gen card

2015-02-21 Thread Yuji -UG- Imai
Hi, On Friday, 20 February 2015, NdK ndk.cla...@gmail.com wrote: Hello all. What I'd like to see addressed in future card 6 - support for out-of-band authorization (HW) For token type card, how about appending one more usb port to connect keyboard?

Re: Wishlist for next-gen card

2015-02-21 Thread Daniel Kahn Gillmor
On Sat 2015-02-21 06:51:15 -0500, Peter Lebbing wrote: Oh ouch. I suddenly realise something about the canary press-to-decrypt button (point 6). I've thought of a nasty attack. Maybe it's not such a great canary for decryption keys... So I access mail A, which is encrypted, and my PC is

Re: Wishlist for next-gen card

2015-02-21 Thread NdK
On 21/02/2015 12:51, Peter Lebbing wrote: 1 - support for more keys (expired ENC keys, multiple signature keys) Yes! This would be a great feature to keep expired encryption keys on a card. I personally would have no use for more than 1 signature and 1 authentication key, but I don't

Re: Wishlist for next-gen card

2015-02-21 Thread Peter Lebbing
On 20/02/15 09:32, NdK wrote: 1 - support for more keys (expired ENC keys, multiple signature keys) Yes! This would be a great feature to keep expired encryption keys on a card. I personally would have no use for more than 1 signature and 1 authentication key, but I don't see a reason why you

Re: Wishlist for next-gen card

2015-02-21 Thread NdK
On 21/02/2015 17:54, Daniel Kahn Gillmor wrote: If the malware is keeping the session keys around, it can just keep the session keys for everything you ever decrypt, and use them anyway to access your encrypted documents, independent of your button-presses. Or just sniff the PIN. You're

Re: Wishlist for next-gen card

2015-02-20 Thread Jonathan Schleifer
On 20.02.2015 at 09:32, NdK ndk.cla...@gmail.com wrote: 1 - support for more keys (expired ENC keys, multiple signature keys) And maybe for storing a certification key with a different PIN. 5 - possibility to export private keys to user-certified devices That pretty much defeats the point

Wishlist for next-gen card

2015-02-20 Thread NdK
Hello all. What I'd like to see addressed in future card specifications: 1 - support for more keys (expired ENC keys, multiple signature keys) 2 - different PINs for different keys 3 - separate key for NFC auth (with its own optional PIN) 4 - HOTP PINs for signature/certification keys 5 -

Re: Wishlist for next-gen card

2015-02-20 Thread NdK
On 20/02/2015 11:36, Jonathan Schleifer wrote: 1 - support for more keys (expired ENC keys, multiple signature keys) And maybe for storing a certification key with a different PIN. Wasn't it covered by 2 - different PINs for different keys ? :) 5 - possibility to export private keys to

Re: Wishlist for next-gen card

2015-02-20 Thread Ville Määttä
On 20.02.15 15:27, NdK wrote: 5 - possibility to export private keys to user-certified devices That pretty much defeats the point of using a smart card in the first place. That's not uncontrolled export, and in fact… …(snip)… while importing a key (so that you can't alter -actually it's

Re: Wishlist for next-gen card

2015-02-20 Thread NdK
On 20/02/2015 16:07, Ville Määttä wrote: 5 - possibility to export private keys to user-certified devices That pretty much defeats the point of using a smart card in the first place. That's not uncontrolled export, and in fact… …(snip)… while importing a key (so that you can't alter