>
> On 20/02/15 09:32, NdK wrote:
> > 1 - support for more keys (expired ENC keys, multiple signature keys)
>
At the very least, adding expired ENC keys to the card spec is a really
great suggestion. I'm trying to pitch people on using smart cards to secure
their email, and one common question I g
On 01/03/2015 21:54, Peter Lebbing wrote:
> No, I'm talking about that as well. And I don't think the fingerprint of
> the host is part of the signed data or the signature. Why do you think the
> fingerprint of the host is part of that?
Because I didn't remember well the SSH protocol...
> By
On 01/03/15 17:43, NdK wrote:
> while I was talking of remote user auth (so using openpgp card instead of
> ~/.ssh/id_* keys -- something that's already doable).
No, I'm talking about that as well. And I don't think the fingerprint of
the host is part of the signed data or the signature. Why do yo
On 27/02/15 21:59, NdK wrote:
> For auth it should be the hash of the host's pub key, the same SSH shows
> you the first time you connect to that host.
I think you're confusing /host/ authentication and /user/
authentication. I was talking about using the auth key on your OpenPGP
card to do user a
On 27/02/2015 19:43, Peter Lebbing wrote:
> I don't understand the practical difference between HOTP and the button
> to confirm an action.
That the HOTP doesn't need HW support so it can be implemented in
standard smartcards.
>> If that info is embedded in the signature packet, it could add
On 21/02/15 19:54, NdK wrote:
>>> 4 - HOTP PINs for signature/certification keys
>> What generates the HOTP then? Do you type a PIN on the HOTP device to get
>> the HOTP?
> No need. Just an applet on the phone could do. At least if you aren't
> using the same phone to do the crypto.
I don't under
On 22/02/2015 01:46, Yuji -UG- Imai wrote:
> For token type card, how about appending one more usb port to connect
> keyboard? It's just for inputting PIN/passphrase or out-of-bound auth
> by hitting the Enter key. USB ten keys like V7 KP0N1-7N0P Numeric keypad
> looks suitable for this purpos
Hi,
On Friday, 20 February 2015, NdK wrote:
> Hello all.
>
> What I'd like to see addressed in future card
> 6 - support for out-of-band authorization (HW)
>
For token type card, how about appending one more usb port to connect
keyboard? It's just for inputting PIN/passphrase or out-of-bound auth
by hitting
On 21/02/2015 17:54, Daniel Kahn Gillmor wrote:
> If the malware is keeping the session keys around, it can just keep the
> session keys for everything you ever decrypt, and use them anyway to
> access your encrypted documents, independent of your button-presses.
Or just sniff the PIN.
> You
On 21/02/2015 12:51, Peter Lebbing wrote:
>> 1 - support for more keys (expired ENC keys, multiple signature keys)
> Yes! This would be a great feature to keep expired encryption keys on a card. I
> personally would have no use for more than 1 signature and 1 authentication key,
> but I
On Sat 2015-02-21 06:51:15 -0500, Peter Lebbing wrote:
> Oh ouch. I suddenly realise something about the canary press-to-decrypt button
> (point 6). I've thought of a nasty attack. Maybe it's not such a great canary
> for decryption keys...
>
> So I access mail A, which is encrypted, and my PC is c
On 20/02/15 09:32, NdK wrote:
> 1 - support for more keys (expired ENC keys, multiple signature keys)
Yes! This would be a great feature to keep expired encryption keys on a card. I
personally would have no use for more than 1 signature and 1 authentication key,
but I don't see a reason why you wo
On 20/02/2015 16:07, Ville Määttä wrote:
5 - possibility to export private keys to user-certified devices
That pretty much defeats the point of using a smart card in the first
place.
>> That's not "uncontrolled export", and in fact…
>> …(snip)…
>> while importing a key (so tha
On 20.02.15 15:27, NdK wrote:
>>> 5 - possibility to export private keys to user-certified devices
>> > That pretty much defeats the point of using a smart card in the first
>> > place.
> That's not "uncontrolled export", and in fact…
> …(snip)…
> while importing a key (so that you "can't" alter -
On 20/02/2015 11:36, Jonathan Schleifer wrote:
>> 1 - support for more keys (expired ENC keys, multiple signature keys)
> And maybe for storing a certification key with a different PIN.
Wasn't it covered by
2 - different PINs for different keys
? :)
>> 5 - possibility to export private keys
On 20.02.2015 at 09:32, NdK wrote:
> 1 - support for more keys (expired ENC keys, multiple signature keys)
And maybe for storing a certification key with a different PIN.
> 5 - possibility to export private keys to user-certified devices
That pretty much defeats the point of using a smart car
Hello all.
What I'd like to see addressed in future card specifications:
1 - support for more keys (expired ENC keys, multiple signature keys)
2 - different PINs for different keys
3 - separate key for NFC auth (with its own optional PIN)
4 - HOTP PINs for signature/certification keys
5 - possibil
17 matches