Yubico Forum

...visit our web-store at store.yubico.com
It is currently Tue Jan 30, 2018 1:22 pm

All times are UTC + 1 hour




Post new topic Reply to topic  [ 3 posts ] 
Author Message
PostPosted: Wed Sep 24, 2008 10:38 pm 
Offline
User avatar

Joined: Wed May 07, 2008 5:25 pm
Posts: 110
Location: Sunnyvale, California
Some corporate types tell us Yubikey has to support PKI otherwise they won't adopt it. So we may consider adding ECC (Elliptic Curve Crypto) in future versions of Yubikey.

That adds some more cost to Yubikey due to the memory and CPU power required. Here I'd like to solicit some feedback...

* Do you hear people asking you for PKI when you demo Yubikey to them?

* Is PKI on Yubikey a nice-to-have or must-have in your use case?

Thanks for sharing your insights

:?:

_________________
The YubiKey Server Guy


Top
 Profile  
Reply with quote  

Share On:

Share on Facebook FacebookShare on Twitter TwitterShare on Tumblr TumblrShare on Google+ Google+

PostPosted: Thu Sep 25, 2008 3:15 pm 
Offline

Joined: Sat Sep 20, 2008 7:09 pm
Posts: 6
If you make an ECC version of the current Yubikey model, but with ECC instead of a symmetric key it could be interesting. The public key could be shipped with the key with no loss of security. It would make offline authentication easier as there would be no need to preserve the security of the key as is the case with the AES based yubikey. Of course, this does lead to problems with replay of keys as there would be no single point of authentication.

If you are suggesting a PKCS11 type product, I don't see how you would separate yourselves from the crowd. There are already plenty players in the traditional PKI space and they all share problems with expensive infrastructure and complex integration.


Top
 Profile  
Reply with quote  
PostPosted: Mon Sep 29, 2008 10:22 pm 
Offline
User avatar

Joined: Wed May 07, 2008 5:25 pm
Posts: 110
Location: Sunnyvale, California
geoff wrote:
If you make an ECC version of the current Yubikey model, but with ECC instead of a symmetric key it could be interesting. The public key could be shipped with the key with no loss of security. It would make offline authentication easier as there would be no need to preserve the security of the key as is the case with the AES based yubikey. Of course, this does lead to problems with replay of keys as there would be no single point of authentication.


Good point. In that way, Yubikey can be applied to many more off-line use cases such as Windows login, door lock, etc.

geoff wrote:
If you are suggesting a PKCS11 type product, I don't see how you would separate yourselves from the crowd. There are already plenty players in the traditional PKI space and they all share problems with expensive infrastructure and complex integration.


No, absolutely not. The stack of middleware, drivers are just onerous and against Yubikey's mission.

Thanks

_________________
The YubiKey Server Guy


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 3 posts ] 

All times are UTC + 1 hour


Who is online

Users browsing this forum: No registered users and 6 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB® Forum Software © phpBB Group