The RSA division joins Google's U2F

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

The RSA division joins Google's U2F

Anders Rundgren-2
http://fidoalliance.org/news/RSAAnnounce.pdf

Google's U2F seems to be the thing to watch.

The smart (PKI) card driver is about to die.  It was never a good idea;
it costs a fortune to develop and only delivered hassles.

Now we are waiting for Feitan et al to announce their support for U2F.
Then you will be able to use these excellent products in any computer without
having to worry if it will work because the U2F driver will be a part of the OS.
And of course you can provision the keys directly from a browser!

I expect the EU governments to continue with their consultant-riddled eID card programs since these are mainly driven by politics rather than reason.

Anders

------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: The RSA division joins Google's U2F

Jaroslav Imrich
Hello Anders,

is there any specification (or other type of technical output) available from FIDO?

Thanks

Regards, Jaroslav

------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: The RSA division joins Google's U2F

Anders Rundgren-2
On 2014-02-04 09:20, Jaroslav Imrich wrote:
> Hello Anders,
>
> is there any specification (or other type of technical output) available from FIDO?
>
> Thanks
>
> Regards, Jaroslav

Hi Jaroslav,

Since developing security hardware "by definition" needs to be carried out in secrecy [ :) ], Google decided early
on to develop it on their own and when it was ready launch it in a obscure closed industry consortium
known as the FIDO Allienace.

I find the following lines from an early (still public...) specification

https://docs.google.com/presentation/d/16mB3Nptab1i4-IlFbn6vfkWYk-ozN6j3-fr7JL8XVyA/edit?pli=1#slide=id.g19c09a112_2_88

    Direct Access from Browser:

        No client middleware to install

        Simple Javascript API: 'Create Key Pair' and 'Sign'
        Not just tied to login! Use anytime you want to strongly verify user.

to be pretty interesting though.

Anders

------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: The RSA division joins Google's U2F

Jaroslav Imrich

Since developing security hardware "by definition" needs to be carried out in secrecy [ :) ], Google decided early
on to develop it on their own and when it was ready launch it in a obscure closed industry consortium
known as the FIDO Allienace.

:D
 

I find the following lines from an early (still public...) specification

https://docs.google.com/presentation/d/16mB3Nptab1i4-IlFbn6vfkWYk-ozN6j3-fr7JL8XVyA/edit?pli=1#slide=id.g19c09a112_2_88
 

Thanks for sharing. Seems like someone just replaced the title in YubiKey presentation.

 
    Direct Access from Browser:

        No client middleware to install

        Simple Javascript API: 'Create Key Pair' and 'Sign'
        Not just tied to login! Use anytime you want to strongly verify user.

to be pretty interesting though.

I think that YubiKey NEO currently works also as a standard java card. Maybe they just wanted to (but didn't) say the middleware will be embedded in the browser.


Regards, Jaroslav

------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: The RSA division joins Google's U2F

J.Witvliet
In reply to this post by Anders Rundgren-2

 

 

From: Jaroslav Imrich [mailto:[hidden email]]
Sent: dinsdag 4 februari 2014 11:23
To: Anders Rundgren
Cc: OpenSC
Subject: Re: [Opensc-devel] The RSA division joins Google's U2F

 

 

Since developing security hardware "by definition" needs to be carried out in secrecy [ :)

 

This very much smells like: “security through obscurity”

Or “You can trust us, (I’ve been told that) we’ve tested it ourselves”

 

Nah

 


Dit bericht kan informatie bevatten die niet voor u is bestemd. Indien u niet de geadresseerde bent of dit bericht abusievelijk aan u is toegezonden, wordt u verzocht dat aan de afzender te melden en het bericht te verwijderen. De Staat aanvaardt geen aansprakelijkheid voor schade, van welke aard ook, die verband houdt met risico's verbonden aan het electronisch verzenden van berichten.

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.

------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: The RSA division joins Google's U2F

Andreas Jellinghaus-4
In reply to this post by Anders Rundgren-2
a few more links I collected:

however while I work at google, I'm not related to gnubby or that team, so I can't speak for them or google in any way. 

Andreas




2014-02-04 Anders Rundgren <[hidden email]>:
On 2014-02-04 09:20, Jaroslav Imrich wrote:
> Hello Anders,
>
> is there any specification (or other type of technical output) available from FIDO?
>
> Thanks
>
> Regards, Jaroslav

Hi Jaroslav,

Since developing security hardware "by definition" needs to be carried out in secrecy [ :) ], Google decided early
on to develop it on their own and when it was ready launch it in a obscure closed industry consortium
known as the FIDO Allienace.

I find the following lines from an early (still public...) specification

https://docs.google.com/presentation/d/16mB3Nptab1i4-IlFbn6vfkWYk-ozN6j3-fr7JL8XVyA/edit?pli=1#slide=id.g19c09a112_2_88

    Direct Access from Browser:

        No client middleware to install

        Simple Javascript API: 'Create Key Pair' and 'Sign'
        Not just tied to login! Use anytime you want to strongly verify user.

to be pretty interesting though.

Anders

------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel


------------------------------------------------------------------------------
Managing the Performance of Cloud-Based Applications
Take advantage of what the Cloud has to offer - Avoid Common Pitfalls.
Read the Whitepaper.
http://pubads.g.doubleclick.net/gampad/clk?id=121051231&iu=/4140/ostg.clktrk
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel