Victor, I would characterize your proposal as a variant of the "keeping your credentials in the cloud" vision. Google (how surprising...) is indeed pushing this for Information Cards.
Personally, I remain skeptic about the combination of dedicated desktop SW and the cloud, a lighter version only relying on the cloud and a standard browser seems like a better mousetrap since it can be used without any infrastructure changes at all. Security people (in general) tend to come up with schemes that are at odds with the rest of the IT-world which I believe is a reason why they only occasionally get their pigs to fly outside the lab... Anders ----- Original Message ----- From: "Varga Viktor" <varg...@netlock.hu> To: "mozilla's crypto code discussion list" <dev-tech-crypto@lists.mozilla.org> Sent: Friday, October 16, 2009 14:56 Subject: RE: mobile phone certificates. Re: why client certs > > Will this one day reach the PC? No, you will still use the phone as > the token > > (and token selector/executor) while the PC crypto will be bypassed. > NFC > > does the connection together with Wi-Fi. > > > Hmmm! Interesting thoughts. There is a total different approach too: 1. store the keys on a central server 2. give a csp/pkcs11 with connectivity to this server, when digital signature is needed, the hash sent trough the net, then sinature was done ont he server and the results came back and given to the application 3. for authentication to the keys, use your mobile, some kind of authentication data sent by sms or some other way, and you should enter it back as pin. with this approach no need to create store types for the different mobiles, no hardware problem. regards. Viktor _______________________________________________________________________ Ezt az e-mailt virus- es SPAM-szuresnek vetettuk ala a filter:mail MessageLabs rendszerrel. Tovabbi informacio: http://www.filtermax.hu This email has been scanned for viruses and SPAM by the filter:mail MessageLabs System. More information: http://www.filtermax.hu ________________________________________________________________________________________ -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
