> Smart card is not the device authors discuss in that paper, but it is > a small, evolutionary step toward it.
Not really. What's the trusted device in the system? It's still the desktop PC. A compromise there leads to so many different and catastrophic attacks that it needs to be called a game-over. > It is the best that many users who agree with the quoted sentence > have at their disposal at the moment. It might not prevent all > imaginable attacks, but it could prevent enough of those to make it > worth deploying. No. The game-over condition without a smartcard is, "my computer gets compromised by an attacker." The game-over condition with a smartcard is, "my computer gets compromised by an attacker." There are *some* use cases where smart cards lead to better risk mitigation. But as a general rule, no, smart cards are not ready for prime time. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
