Peter Djalaliev wrote: > [...] another disadvantage of PKI is that it authenticates only user > identity, not remote host integrity.
Disadvantage, as compared to what? Something that doesn't exist yet? Big Brother? Full blown TPM is not the answer: User's don't want Big Brother. However, most TPM chips today also serve as FIPS 140 hardware crypto modules, which provide a good solution to the compromised private key problem. I think good hardware crypto modules that make compromised private keys impossible (or nearly so) are a reasonable solution. Big Brother is not. -- Nelson B _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto