RE: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))
Stephen W,
<snip>
>As an example, I am using a certificate Smartcard with a pin-number
>protected private key for VPN access to my head office. If the laptop and
>smartcard are stolen, the thief can play with them until he has cracked the
>pin number. The thief can do this off-line with no contact with the VPN
>server. Once cracked, they can connect to the Internet, and contact the VPN
>server.
Is it that easy?
I doubt that a thief can "play" with the smart-card until he/she cracks the PIN-code.
After, let's say, three tries most smart-cards become "neutralized" and require a
much harder PUK-code to be reactivated. It is also easy for a smart-card
to introduce a delay, negligible for a human, that makes computerized attacks
less fruitful.
The only method I know of requires opening the chip and manipulations at silicon
level. This is not for everybody.
Anders
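
The retry-counter and PUK behaviour described in the reply above, as a toy model added here for illustration (not part of the original message and not any real card's firmware). The three-try limit is taken from the message; the PUK try limit, the 4-digit PIN and all class and function names are assumptions.

```python
import hmac

MAX_PIN_TRIES = 3    # "three tries", as in the message above
MAX_PUK_TRIES = 10   # assumed value; the thread does not give one


class Card:
    """Toy model of a card's PIN/PUK retry counters (constructed example)."""

    def __init__(self, pin: str, puk: str):
        self._pin, self._puk = pin, puk
        self.pin_tries = MAX_PIN_TRIES
        self.puk_tries = MAX_PUK_TRIES

    def verify(self, guess: str) -> str:
        if self.pin_tries == 0:
            return "BLOCKED"          # even the correct PIN is refused now
        # Spend the try before comparing, so interrupting the card
        # mid-check cannot yield a free guess.
        self.pin_tries -= 1
        if hmac.compare_digest(guess.encode(), self._pin.encode()):
            self.pin_tries = MAX_PIN_TRIES
            return "OK"
        return "WRONG"

    def unblock(self, puk: str, new_pin: str) -> str:
        if self.puk_tries == 0:
            return "DEAD"             # card is permanently unusable
        self.puk_tries -= 1
        if hmac.compare_digest(puk.encode(), self._puk.encode()):
            self._pin = new_pin
            self.pin_tries, self.puk_tries = MAX_PIN_TRIES, MAX_PUK_TRIES
            return "OK"
        return "WRONG"


def guesses_evaluated(card: Card, candidates) -> int:
    """How many candidate PINs the card actually checks before it stops."""
    n = 0
    for guess in candidates:
        if card.pin_tries == 0:
            break
        n += 1
        if card.verify(guess) == "OK":
            break
    return n


def guess_odds(digits: int, tries: int = MAX_PIN_TRIES) -> float:
    """Chance that blind guessing hits a uniformly random PIN before lockout."""
    return tries / 10 ** digits
```
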