OTOH, a Palm isn't quite a 'secure' OS, either.. Sure, you can at
least see what you are signing, but there is no secure key storage
available. A trojan application could easily steal your credentials
off a PalmPilot. I don't know if this is the case for an iButton.
Adoption rates for hand-helds hinge on multi-functionality
(something for everyone who'll buy) yet the power of the
hand-held hinges on secure OS (authorization with teeth,
as we here understand the concept).
| secure OS | multifunction
----------+-----------+--------------
smartcard | yes | no
----------+-----------+--------------
Palm | no | yes
So, which is easier to fix -- adding a security kernel to
the Palm or adding multi-function-ness to the smartcard?
I'd say the security kernel for the Palm is by far easier
unless and until the physics of the smartcard flex requirement
are beaten somehow -- but why bother? Except as a container
object, I'd say that the niche smartcards occupy is going
away and going away fast. Wallet elimination versus wallet
thinning, as it were.
--dan
