[3354] in cryptography@c2.net mail archive
RE: What is Arcot's target market?
daemon@ATHENA.MIT.EDU (John R Levine)
Wed Sep 23 15:10:35 1998
Date: Wed, 23 Sep 1998 12:30:12 -0400 (EDT)
From: John R Levine <johnl@iecc.com>
To: cypherpunsk@algebra.com, cryptography@c2.net
In-Reply-To: <001401bde6ab$a4018100$1330c4c2@cypherpunks.aec.at>
> Consequently, only a hardware based solution - such a smartcard - that
> requires physical possession of a physical token would meet AOL's true
> security requirements.
Indeed, particularly considering that AOL users need to be able to move
from computer to computer from time to time, and to reinstall from
scratch when Windows barfs all over their disks.
I remain baffled about who Arcot expects to use this scheme. If it's really
for porn sites and other online content transactions, I'd think that a
conventional shared secret, perhaps with sequence numbers to make it harder
to pirate passwords, would be plenty. If it's for transactions of greater
value, all of the discussion to date makes it clear that it's not a
substitute for a hardware dongle or smartcard. So what is it?
Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Information Superhighwayman wanna-be, http://iecc.com/johnl, Sewer Commissioner
Finger for PGP key, f'print = 3A 5B D0 3F D9 A0 6A A4 2D AC 1E 9E A6 36 A3 47
