[4467] in cryptography@c2.net mail archive
Re: IPSEC on a Palm III?
daemon@ATHENA.MIT.EDU (Derek Atkins)
Wed Apr 7 11:30:57 1999
To: Ulrich Kuehn <kuehn@ESCHER.UNI-MUENSTER.DE>
Cc: David Honig <honig@sprynet.com>, William Whyte <wwhyte@baltimore.ie>,
"'Robert Hettinga'" <rah@shipwright.com>,
"cryptography@c2.net" <cryptography@c2.net>
From: Derek Atkins <warlord@MIT.EDU>
Date: 07 Apr 1999 10:29:32 -0400
In-Reply-To: Ulrich Kuehn's message of Wed, 7 Apr 1999 11:53:39 +0200 (MET DST)
Ulrich Kuehn <kuehn@ESCHER.UNI-MUENSTER.DE> writes:
> The crypto ibutton has no display, but you might want to know what
> exactly you are signing. The ibutton thus has the requirement for a
> trusted environment with a trusted application communicating with it,
> which is hopefully not the case with the Palm pilot.
OTOH, a Palm isn't quite a 'secure' OS, either.. Sure, you can at
least see what you are signing, but there is no secure key storage
available. A trojan application could easily steal your credentials
off a PalmPilot. I don't know if this is the case for an iButton.
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL N1NWH
warlord@MIT.EDU PGP key available
