[funsec] National Strategy for Trusted Identities in Cyberspace
rsk at gsp.org
Sun Jun 27 21:42:25 CDT 2010
On Sat, Jun 26, 2010 at 09:25:11PM -0400, Valdis.Kletnieks at vt.edu wrote:
> a) How do you protect it? Both "private key stored on the computer" and
> "password sent to the certifying system" aren't very secure if the user's
> computer is one of the 150 million compromised systems. Other systems, like
> smart cards, assume that standardized smart card readers are ubiquitous...
Exactly. It continues to simultaneously amaze and disappoint me that
so many supposed "experts" are blissfully unaware of the current state
of the 'net and have absolutely no idea that their latest Big Idea was
already completely defeated years before they came up with it.
More information about the funsec