We
have seen how being able to count on a centralized network
makes its use possible; however, it is still an expensive
endeavor. Smartcards have to be bought and ?¬‚ashed; readers
have to be deployed; policies have to be created and enforced
for distribution; certi?¬?cates have to be renewed. Good network
software can help, but not everybody has a full Windows 2003
domain with autoprovisioning (or equivalent technology) in
place. Even in that case, from time to time users will lose their
smartcards; they will not log in on time for the renewal to take
place; they will choose useless PINs; their readers will break;
you can apply your favorite ?¬‚avor of Murphy??™s law here. As
previously mentioned, security has a price. In the smartcard
case, only those with a good investment in IT resources can
afford it.
The so-called soft certi?¬?cates, certi?¬?cates that reside on the
user??™s machine rather than in an external device, do not offer
the same advantages of smartcards, and they even share some of
their shortcomings.
SSL Client Authentication
In the section ???HTTPS,??? we mentioned how the HTTP protocol
can mitigate its security shortcomings by relying on lower-level
protocols such as SSL and TSL.
Pages:
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124