Why is replacing the 15-year-old Netscape hack suddenly a bad idea?

Because you cannot create a secure provisioning system without having
some kind of [by the issuer recognizably] predefined key in the token.
With such a key, the token would be able to attest generated keys, import data
using MACs, and encrypt data as needed in both directions.

In addition, you need "bookkeeping" support inside of the token so that the
token can provide the issuer with evidence that the process indeed succeeded
in enrolling n keys, etc.

Without such support in tokens, all bets are off regarding where keys
are actually stored, making the value of having tokens suddenly drop
to zero, at least from the issuer's perspective.

Since the progress in the token industry is mainly driven by the slowest
movers you can find on this planet, i.e. banks and governments, we can
safely conclude that on-line provisioning of keys will remain a marginal
activity in spite of all the hype around "Cloud Computing".

-anders

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
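
The arrangement described in the message above, as an added sketch that is not part of the original post and not any real token's protocol: a token holding a device key known to the issuer attests each key it generates and closes the session with evidence covering all n enrolled keys. Assumptions: the predefined key is a symmetric key shared with the issuer, HMAC-SHA256 is the MAC, random bytes stand in for a public key, and the names `Token`, `Issuer` and `enroll` are hypothetical.

```python
import hashlib
import hmac
import os

def _mac(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over a label and length-prefixed parts (unambiguous framing)."""
    h = hmac.new(key, label, hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

class Token:
    """Constructed stand-in for a token holding a device key known to the issuer."""
    def __init__(self, device_key: bytes):
        self._device_key = device_key
        self._enrolled = []          # bookkeeping: keys created in this session

    def generate_key(self, nonce: bytes):
        public_key = os.urandom(32)  # placeholder for a real key pair's public half
        self._enrolled.append(public_key)
        return public_key, _mac(self._device_key, b"attest", nonce, public_key)

    def close_session(self, nonce: bytes) -> bytes:
        # Evidence covering every key the token stored during the session.
        return _mac(self._device_key, b"close", nonce, *self._enrolled)

class Issuer:
    def __init__(self, device_key: bytes):
        self._device_key = device_key
        self.nonce = os.urandom(16)  # fresh per session, prevents replay
        self._accepted = []

    def accept_key(self, public_key: bytes, attestation: bytes) -> bool:
        expected = _mac(self._device_key, b"attest", self.nonce, public_key)
        ok = hmac.compare_digest(expected, attestation)
        if ok:
            self._accepted.append(public_key)
        return ok

    def verify_close(self, evidence: bytes, expected_count: int) -> bool:
        if len(self._accepted) != expected_count:
            return False
        expected = _mac(self._device_key, b"close", self.nonce, *self._accepted)
        return hmac.compare_digest(expected, evidence)

def enroll(token: Token, issuer: Issuer, n: int) -> bool:
    for _ in range(n):
        if not issuer.accept_key(*token.generate_key(issuer.nonce)):
            return False
    return issuer.verify_close(token.close_session(issuer.nonce), n)
```

A key presented without a valid attestation, or a closing MAC that covers keys the issuer never accepted, makes the issuer reject the session.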