From: Adam Shostack <adam@homeport.org>
Date: Tue, 28 Apr 1998 00:31:47 -0700 (PDT)
To: shamrock@cypherpunks.to (Lucky Green)
Subject: Re: Schneier on Smartcards and Holding Secrets
In-Reply-To: <Pine.BSF.3.96.980428042345.7685E-100000@pakastelohi.cypherpunks.to>
Message-ID: <199804280729.DAA03637@homeport.org>
MIME-Version: 1.0
Content-Type: text/plain


Lucky Green wrote:
| On Mon, 27 Apr 1998, David Honig wrote:
| 
| > 	
| > Bruce wrote a short letter to a trade mag (Internet world? I've
| > lost it since) worth reporting.  The jist was, if a smartcard
| > contains Bank Secrets but is held by customers which do not
| > share the same goals/responsibility as the owner of the secrets, this is 
| > *poor security design*.
| 
| No kidding. Duh.

I make this point by saying 'if the smartcard is my agent, its useful.
If its the bank's agent--well, its under my complete control, isn't
it?'


Adam

-- 
Just be thankful that Microsoft does not manufacture pharmaceuticals.