From mboxrd@z Thu Jan 1 00:00:00 1970 From: William Ahern To: 9fans@cse.psu.edu Subject: Re: [9fans] pop3 before smtp Message-ID: <20030711155959.GA3136@wilbur.25thandClement.com> References: <967768cb40aa71d536446da30109cc15@plan9.bell-labs.com> <01ed01c34740$aa416f80$b9844051@insultant.net> <20030711150306.GB26212@wilbur.25thandClement.com> <3F0ED4B3.4B140151@princeton.edu> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <3F0ED4B3.4B140151@princeton.edu> User-Agent: Mutt/1.5.4i Date: Fri, 11 Jul 2003 08:59:59 -0700 Topicbox-Message-UUID: f61e23b2-eacb-11e9-9e20-41e7f4b1d025 On Fri, Jul 11, 2003 at 11:16:03AM -0400, Martin Harriss wrote: > But now these cards become bearer instruments. You steal the card, you > have access. Methinks you need at least a PIN to validate the card. > > Martin yes, but you *know* when you're card is gone. often there isn't even a hint that somebody has _stolen_ your password. i certainly don't think these cards are a panacea. you can strip the casing w/ acid and trace the on-board chips and _steal_ the private key. but for the forseeable future this behavior is significantly mediated by time and physical constraints, which at the very least can give me a warning that the card cannot be trusted anymore. i would personally frown on any singular dependence by a government on the technology, because of your point, and also the corollary that the more valuable they become, the quicker the bad guys will develop the ability to copy/replace them.