[OpenID] [LIKELY_SPAM]Re: On the portability of identifiers

Ben Laurie benl at google.com
Fri Oct 31 14:55:24 UTC 2008


On Fri, Oct 31, 2008 at 2:45 PM, Peter Williams <pwilliams at rapattoni.com> wrote:
>
>> Once they
>> come with smart chips that manage certificates in a secure manner even when
>> plugged into untrusted computers, and the UX for them improve, then nothing
>> technologically stands in their way of replacing OpenID since there is no
>> risk of a Provider going out of business and taking Mom's identity down with
>> it.
>
> Those are essentially the design requirements of the US PIV II card, note. They are a generation stronger than the CAC card in the hands of a few million DOD personnel for the last decade.
>
> PIV-II has its own secure channel, end-end, from card to control authority - or at least the global-platform card management system does. Thank IBM (and Visa)!

There's not a huge amount of point in having a channel to the card
unless there's a trusted UI to go with it.

>
> If the Microsoft CardSpace/trusted desktop is in use, it might be deemed appropriate for presenting the PIN form. But the trust architecture really assumes that the TPM chip in the motherboard is talking to a PIN entry device (PED), that is trusted over the USB/NF at the TPM architecture level (thanks HP Bristol!). PIN entry may well mean pressing your thumb against the embedded bio/finger-reader in the card (which I got to work on, a few years ago).
>
> This is all merely a variant of what PKI providers have been doing for nearly 2 decades, when their FIPS 140-2 level THREE devices talk over a secure channel to PEDs - so as to implement auditable controls such as n of m access/reconstruction of root/CA keys used for minting certain classes of assertion/cert.