On 2012-08-22 00:38, Julien Pierre wrote:
Julien,
> 
> On 8/21/2012 00:45, Anders Rundgren wrote:
>> On 2012-08-21 05:42, Julien Pierre wrote:
>>> Anders,
>>>
>>> On 8/14/2012 20:40, Anders Rundgren wrote:
>>>> http://communities.intel.com/community/vproexpert/blog/2012/05/18/intel-ipt-with-embedded-pki-and-protected-transaction-display
>>>>
>>>> Apparently your next PC already has it.
>>> Some PCs based on Intel chips may have it. A few of us out there do not
>>> use Intel chips.
>> I guess Intel is still "testing the waters" which I think is a good
>> alternative to politically, commercially and technically awkward
>> standardization efforts that seem to take forever and in the end often
>> are circumvented by other developments in the market.  Been there, done
>> that :-)
> True enough.
> 
> But I still can't get very enthusiastic about this. We live in a world 
> with so many different devices, not just PCs. These mobile devices do 
> not run Intel chips either.

You are right.  If there had been a standard, things would have been easier,
but there's none and therefore I'm happy at least that a major vendor is making
an effort to move something that has been in "deadlock" forever.


>> It is rather a replacement for passwords. Embedded credentials are the
>> thing that will at last/finally make client-side PKI a mainstream
>> authentication solution.

> That's fine if you only plan on ever logging in from the one device that 
> has the credentials embedded. It seems a bit restrictive.
> Unless you always have that device with you. In which case it's probably 
> a smartphone, not a PC.

The only solution I can think of is that each of the devices is fitted
with the embedded credentials needed for using them.  In fact, you can
use a device (or card) as a secure bootstrap for a "credential clone" to
another device using a *self-service process*.

This principle has already been used by many millions of Swedish citizens
to enroll soft certificates (embedded) on their PCs.  Currently they are
using proprietary software since the US SW giants never managed to create a
useful enrollment system, not to mention a standard.

Anders

> 
> Julien
> 
> 

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
