[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cryptography
Subject:    RE: What is Arcot's target market?
From:       John R Levine <johnl () iecc ! com>
Date:       1998-09-23 16:30:12
[Download RAW message or body]

> Consequently, only a hardware based solution - such a smartcard - that
> requires physical possession of a physical token would meet AOL's true
> security requirements.

Indeed, particularly considering that AOL users need to be able to move 
from computer to computer from time to time, and to reinstall from 
scratch when Windows barfs all over their disks.

I remain baffled about who Arcot expects to use this scheme.  If it's really
for porn sites and other online content transactions, I'd think that a
conventional shared secret, perhaps with sequence numbers to make it harder
to pirate passwords, would be plenty.  If it's for transactions of greater
value, all of the discussion to date makes it clear that it's not a
substitute for a hardware dongle or smartcard.  So what is it? 

Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner
Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4  2D AC 1E 9E A6 36 A3 47 

[prev in list] [next in list] [prev in thread] [next in thread]