directory-dev mailing list archives

From Nicolas Williams <Nicolas.Willi...@sun.com>
Subject Re: One Time Identification, a request for comments/testing.
Date Wed, 31 Jan 2007 22:36:00 GMT
On Wed, Jan 31, 2007 at 08:42:43AM -0600, Douglas E. Engert wrote:
> What keeps a user from copying the identity token from the USB
> device to a local or shared file system to avoid having to insert
> the USB device all the time?
> 
> What are the security implications if the identity token is
> stolen?
> 
> How does this compare to using cert and key on the USB
> device with PKINIT rather than your identity token?
> 
> How does this compare to using a smart card or USB equivalent
> of a smartcard with PKINIT? To the user they still have to insert
> the card or USB device, and have to enter a pin or password?

You're correct -- softtokens aren't a replacement for real smartcards.

That doesn't stop a softtoken from being useful though.

Compare softtokens to passphrase-protected ssh private key files in
users' home directories :)

Nico
-- 
