Peter Djalaliev wrote:

> [...] another disadvantage of PKI is that it authenticates only user
> identity, not remote host integrity.

Disadvantage, as compared to what?
Something that doesn't exist yet?
Big Brother?

Full blown TPM is not the answer: User's don't want Big Brother.

However, most TPM chips today also serve as FIPS 140 hardware crypto
modules, which provide a good solution to the compromised private key
problem.  I think good hardware crypto modules that make compromised
private keys impossible (or nearly so) are a reasonable solution.
Big Brother is not.

-- 
Nelson B

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to