On 7/17/06, Anders Rundgren <[EMAIL PROTECTED]> wrote:
> Hi Julien,
>
> My posting MAY be considered as a "speculation" since this has not
> happened yet.  The reason why this *could* become a reality is
> the success of web-based services including outsourced dittos.
> The latter seriously limits the applicability of VPN connections
> and platform attestation at the network transport level.

802.11x got you down, huh?

> I can even imagine that certain critical C2G services may not be
> accessible from "unsecured" computers.

This is already the case, with the US IRS and its fuel excise tax
system.  However, those terminals don't do anything else.

> What is *not* a speculation however, is that SSL/TLS client-auth
> is seriously challenged by application-level authentication using
> SAML like schemes.  This is due to the fact that the browser
> vendors have not (yet) realized that signatures are already in
> widespread use in the EU[*].  Due to the unavailability of browser
> support for this, proprietary java applets using non-browser
> and non-OS crypto are typically used.  It would be a piece of
> cake to extend SAML with platform attestations if needed.

...please see my other reply to this thread for why platform
attestations lead one to a false sense of security.  (Plus, I think
that using non-browser and non-OS crypto may actually be a good thing
-- as a failure of one does not impact the security of the others.)

-Kyle H
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
