Hi Peter,

Peter Djalaliev wrote:
> In this light, another
> disadvantage of PKI is that it authenticates only user identity, not
> remote host integrity.
>   
Good idea ;-)
> If we think of encryption as a single layer of security and PKI
> authentication as a second layer, I think eventually we will go toward
> a third layer that will help us verify the integrity of the host
> platform.  This is what TPM-enabled platform attestation does, for
> example: gives us a way to examine the software running on the host
> that we are sending our data to.
As far as the private key of the certificate is concerned, this can be 
and is done by shipping the key on some token or smart card with password 
protection. Such cards lock up after too many failed authentication 
attempts, rendering them useless. Not convenient when needing to restart a 
web server. Obviously this doesn't say anything about the data stored on 
that hardware. Certainly overkill for a user forum, but agreed, this 
is what EV should be ;-)

-- 
Regards 
 
Signer:         Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber:         [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]>
Blog:   Join the Revolution! <http://blog.startcom.org>
Phone:          +1.213.341.0390
 

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto