Re: Public key validation and Proof of possession

[Michael Ströder <michael@xxxxxxxxxxxx>]

Russ Housley wrote:
> 
> - Smartcards are still low-end processors.  As you point out, they are
> getting more powerful all the time.

In a real-world project I'd prefer to spend more money for a more
powerful smartcard over messing around with applications which are badly
implemented because the standards are getting too complicated.

> - RFID are very low-power devices.  I'm sure that more capabilities will
> be added over time.  But right now, certificate parsing and validation
> is probably beyond their capabilities.  As they become more capable, I
> think that certificate-based protocols are appropriate in this environment.
> 
> In summary, I do not think it is unreasonable to consider features for
> low-end devices.  I believe that there will always be new low-end
> devices appearing, and at some point they may need to handle certificates.

But extending high-end certificate-based protocols to cover low-end
devices likely will make the protocols too complex to be ever securely
implemented.
=> PKIX should be limited to where it's applicable in the real world.

Ciao, Michael.