[4476] in cryptography@c2.net mail archive
Re: IPSEC on a Palm III?
daemon@ATHENA.MIT.EDU (Derek Atkins)
Thu Apr 8 11:45:23 1999
To: Dan Geer <geer@world.std.com>
Cc: "cryptography@c2.net" <cryptography@c2.net>
From: Derek Atkins <warlord@mit.edu>
Date: 08 Apr 1999 11:12:56 -0400
In-Reply-To: Dan Geer's message of Thu, 08 Apr 1999 10:50:45 -0400
Too bad the source code for PalmOS isn't available.... An OpenSource
Secure PalmOS would be kind of cool. ;)
-derek
Dan Geer <geer@world.std.com> writes:
>
>
> OTOH, a Palm isn't quite a 'secure' OS, either.. Sure, you can at
> least see what you are signing, but there is no secure key storage
> available. A trojan application could easily steal your credentials
> off a PalmPilot. I don't know if this is the case for an iButton.
>
>
>
> Adoption rates for hand-helds hinge on multi-functionality
> (something for everyone who'll buy) yet the power of the
> hand-held hinges on secure OS (authorization with teeth,
> as we here understand the concept).
>
>
> | secure OS | multifunction
> ----------+-----------+--------------
> smartcard | yes | no
> ----------+-----------+--------------
> Palm | no | yes
>
>
> So, which is easier to fix -- adding a security kernel to
> the Palm or adding multi-function-ness to the smartcard?
>
> I'd say the security kernel for the Palm is by far easier
> unless and until the physics of the smartcard flex requirement
> are beaten somehow -- but why bother? Except as a container
> object, I'd say that the niche smartcards occupy is going
> away and going away fast. Wallet elimination versus wallet
> thinning, as it were.
>
> --dan
>
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL N1NWH
warlord@MIT.EDU PGP key available
