From owner-freebsd-security Wed Oct 7 07:43:51 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id HAA01916 for freebsd-security-outgoing; Wed, 7 Oct 1998 07:43:51 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from fledge.watson.org (COPLAND.CODA.CS.CMU.EDU [128.2.222.48]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id HAA01895 for ; Wed, 7 Oct 1998 07:43:47 -0700 (PDT) (envelope-from robert@cyrus.watson.org) Received: from fledge.watson.org (robert@fledge.pr.watson.org [192.0.2.3]) by fledge.watson.org (8.8.8/8.8.8) with SMTP id KAA03928; Wed, 7 Oct 1998 10:42:41 -0400 (EDT) Date: Wed, 7 Oct 1998 10:42:41 -0400 (EDT) From: Robert Watson X-Sender: robert@fledge.watson.org Reply-To: Robert Watson To: Wes Peters cc: Chuck Robey , "Jeffrey J. Mountin" , Sean Kelly , Nate Williams , FreeBSD-security@FreeBSD.ORG Subject: Re: Java-based Crypto Decoder Ring gets NIST FIPS 140-1 certification (fwd) In-Reply-To: <361AFB3C.969B7CD3@softweyr.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Tue, 6 Oct 1998, Wes Peters wrote: > Chuck Robey wrote: > > > > You guys are missing the central fact: No, it's not perfect. Yes, it's > > far better than what we have today. > > > > On the other hand, maybe you guys are joking, and I'm being too serious? > > The thing _really is_ a ring, you can see it on their web site, and it' > > seems really cheap. I'm going to get more info ... > > I agree that a Java ring with your PGP key on it is a great idea, both > for personal authentication and to store your PGP key in a private > place. I think most users would be astonished to learn that if they > ever store a PGP key on their employer's computer (at least in the > USA) it pretty much becomes legal property of the employer. So here is my concern with keeping the key in a ring. For me, the goal of keeping a key in a smart device would be that I would not want to put my key on a multi-user machine that I was not sure I trusted. On the other hand, I might want to approve an electronic transaction on such a machine by signing data provided by the machine. Example. I carry my key in my Spiffy Java Decoder Ring, and I want to sign a digital check. I do not want to allow my key onto the untrusted machine in front of me running Netscape to get to the electronic storefront. In this case, the ideal key for me is one I plug in, and has a little display and a button or two. I type in my pin number, and it decrypts the pgp key stored in the ring. The ring then displays the comment field of the check, the to: field, and the amount, and prompts for confirmation, all from the digital check transfered to the ring. If I approve the transaction, the ring signs or encrypts the check with the key, and sends it back to the computer. The same goes for authentication. I am willing to participate in a challenge/response with the machine, but I am not willing to provide it with my key. I am also not willing to perform an endless sequence of challenge/response as it plays man-in-the-middle games with my ring. So really my Ring looks a lot like a PCMCIA card with a little calculator on the side looking like one of the SNK calculators, except more chatty. So my feeling is a 'Ring' is cool, but not so useful, whereas a 'Card is useful, but not so cool. :) Robert N Watson Carnegie Mellon University http://www.cmu.edu/ TIS Labs at Network Associates, Inc. http://www.tis.com/ SafePort Network Services http://www.safeport.com/ robert@fledge.watson.org http://www.watson.org/~robert/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message