1998-04-28 - Re: Schneier on Smartcards and Holding Secrets

Header Data

From: Adam Shostack <adam@homeport.org>
To: shamrock@cypherpunks.to (Lucky Green)
Message Hash: aff42ade06d992793e75b13c3908b9892a48f3ba75afefa94c11b489a5322611
Message ID: <199804280729.DAA03637@homeport.org>
Reply To: <Pine.BSF.3.96.980428042345.7685E-100000@pakastelohi.cypherpunks.to>
UTC Datetime: 1998-04-28 07:31:47 UTC
Raw Date: Tue, 28 Apr 1998 00:31:47 -0700 (PDT)

Raw message

From: Adam Shostack <adam@homeport.org>
Date: Tue, 28 Apr 1998 00:31:47 -0700 (PDT)
To: shamrock@cypherpunks.to (Lucky Green)
Subject: Re: Schneier on Smartcards and Holding Secrets
In-Reply-To: <Pine.BSF.3.96.980428042345.7685E-100000@pakastelohi.cypherpunks.to>
Message-ID: <199804280729.DAA03637@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:
| On Mon, 27 Apr 1998, David Honig wrote:
| 
| > 	
| > Bruce wrote a short letter to a trade mag (Internet world? I've
| > lost it since) worth reporting.  The jist was, if a smartcard
| > contains Bank Secrets but is held by customers which do not
| > share the same goals/responsibility as the owner of the secrets, this is 
| > *poor security design*.
| 
| No kidding. Duh.

I make this point by saying 'if the smartcard is my agent, its useful.
If its the bank's agent--well, its under my complete control, isn't
it?'


Adam

-- 
Just be thankful that Microsoft does not manufacture pharmaceuticals.






Thread