Thu, 19 Jun 1997, Enrique Vadillo wrote:
> Personally, i have setup SecurID over SSH, i see both as very secure
> when combined. SecurID authentication over SSH, along with Firewall
> protection is something many people would like to have to feel *really*
> safe on the net.
Actually for people in the free world keeping the solution in two pieces
is much better than if SecurID would deal with encryption of the traffic
(which they unfortunately will do in the future). The token part is good
and not restricted, so we can use that part without being worried about
weak security. I am not sure what will happen when SDTI will add more
public and private key encryption to their products, start using
smartcards etc. - I do not think they can do that easily without making
the some parts of the SecurID system weak and breakable, so they can
export their product, but this would make the product pretty useless for
outside US use, I don't think they [SDTI] have thought very much about
this problem. So I do hope they make the future products modular, one part
consisting of the token system, another of all the add-on encryption
functions that SDTI has planned for their products. That way there will
always be non-US companies who could replicate the encryption parts and
make compatible products (why not Data Fellows / SSH or Elvis Plus /
SKIP).
So yes for some people in US it would be good if SDTI & RSA would offer
encryption capabilities, but as long as the encryption rules in US stand,
there is nothing SDTI & RSA (especially RSA) can do for people in most
parts of the world. Still right now it is good to use the token part
together with things like F-Secure SSH.
Dropping US export restrictions would make everything fine again, but
although there has been some movement I do not think much will change in
the nearest future.
Jyri
|
|
