
Re: Remote access from ubiquitous IPSec hosts





> Vipul wrote:
> >   The key requirement here is that even the Phase I exchange must
> >   rely on a "portable" authentication mechanism, i.e. authentication
> >   should be based on information supplied by the user and on such 
> >   information alone. If authentication is based on certificates,
> >   there's the problem of easily transferring a user's keys into
> >   the IPSec host. While this is doable, it requires several 
> 
  to which Tero responded:
  
> What's wrong with the same idea that is used in the GSM phones, i.e.
> using smartcards to handle the authentication (the SIM (subscriber
> identity module) is really a smartcard that contains keys and other
> information for the customer).

  There is nothing wrong with this. In fact, this would be the ideal way
  to do it. As you mention below, the private key never leaves the
  smartcard and that is a big plus. It is just that I am not sure how
  long it would take for smartcards and smart card readers to become
  as commonplace as keyboards (I personally would love it if this 
  happened soon).
  
  vipul
  
> You just take your smartcard with you and those machines have
> smartcard reader where you can put your card in. The smartcard will
> then do the certificate based authentication for you, and because the
> private key never leaves the smartcard you can be sure that it cannot
> be stored to the machine you are using.
>