[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: roaming credentials (sacred)
> Why not looking at PKCS#15 Soft Token there. This will be a good
> container for one or more credentials, and it has the ability to tell what
> is inside the container.
I'd agree that p#15 should be one of the formats we consider.
> Question if a user has access to many PKCS#15, how to we decide
> which one to use ?
That's something we need to figure out when/if we get to protocol
> Question PKCS#15 and (in most case PKCS#12) are protected by a
> password. Is that good enough ?
Nope. If we can't do better than a weak password, then we'd just
be making security worse by leaving credentials lying around
vulnerable to dictionary attacks (which'd hardly constitute a
successful security protocol:-).
> Should we use a type of one time password,
> can we make provision to get those passwords derived from some physical
> hardware (a chip serial number, a biometrics template,...) ?
Worked out suggestions are welcome. I do agree that it'd be nice
to allow cases where there is h/w on the client, but I don't think
we can mandate this (or if we do, no-one will do it!).
Baltimore Technologies, tel: (direct line) +353 1 647 7406
61 Fitzwilliam Lane, fax: +353 1 647 7499
Dublin 2. mailto:stephen.farrell@xxxxxxxxxxxx