geoff wrote:
If you make an ECC version of the current Yubikey model, but with ECC instead of a symmetric key it could be interesting. The public key could be shipped with the key with no loss of security. It would make offline authentication easier as there would be no need to preserve the security of the key as is the case with the AES based yubikey. Of course, this does lead to problems with replay of keys as there would be no single point of authentication.
Good point. In that way, Yubikey can be applied to many more off-line use cases such as Windows login, door lock, etc.
geoff wrote:
If you are suggesting a PKCS11 type product, I don't see how you would separate yourselves from the crowd. There are already plenty players in the traditional PKI space and they all share problems with expensive infrastructure and complex integration.
No, absolutely not. The stack of middleware, drivers are just onerous and against Yubikey's mission.
ThanksStatistics: Posted by paul — Mon Sep 29, 2008 10:22 pm
]]>
