[3443] in cryptography@c2.net mail archive
Re: IP: State Govt Will Use Datakey Smart Cards
daemon@ATHENA.MIT.EDU (Paolo Da Ros)
Fri Oct 9 13:04:55 1998
Date: Fri, 09 Oct 1998 16:38:50 +0100
From: Paolo Da Ros <paolo.daros@cryptonet.it>
To: Rick Smith <rick_smith@securecomputing.com>
CC: Ed Gerck <egerck@laser.cps.softex.br>,
Robert Hettinga <rah@shipwright.com>, cryptography@c2.net,
dcsb@ai.mit.edu
We have Datakey products in our office (we sell them in Italy), and when they
are used in conjunction with Entrust (for this joint deployment export
procedures form the US have been kind of relaxed very recently) they store the
encryption cert -generated by the PKI to allow later recovery-, and they
generate the signature keypair on board.
You will never need to recover a signature private key (you will just ask for a
new one), and you will have the chance to recover the encryption private key
(in our experience in Italy a very strong corporate requirement, very similar
to the requirement generating huge revenues for magtape, floppies and DAT
manufacturers).
--Paolo
Rick Smith wrote:
> >On Mon, 5 Oct 1998, Robert Hettinga wrote:
> >
> >>State Government Agency Will Use Datakey Smart Cards
>
> At 02:55 PM 10/5/98 -0200, Ed Gerck asked:
> [...]
>
>
> Regardless of the marketing terms being used, I personally find it
> interesting to think about PK cards that never emit the private key. I like
> the clean notion of tying the private key so completely to a single piece
> of tangible hardware. However, I suspect that some existing protocols will
> get a bit squirrely if particular private keys become irrecoverable due to
> a hardware failure.
>
> Rick.
> smith@securecomputing.com
--
Paolo Da Ros -- Partner, CryptoNet Srl
Via Oglio, 1 -- 20139 Milano -Italy
Phone: +39.02.57401.235 Fax: .531
e-mail: paolo.daros@cryptonet.it http://www.cryptonet.it
Please encrypt relevant messages
Entrust Validation String: XW8E-7FZY-KXR6
Use http://www.entrust.com/solo/solo_eval.htm
--
