imi message

Subject: Re: [imi] Hopefully last change to the IMI spec before producing aCommittee Draft

From: Michael McIntosh <mikemci@us.ibm.com>
To: John Bradley <jbradley@mac.com>
Date: Wed, 18 Feb 2009 21:07:55 -0500

John Bradley <jbradley@mac.com> wrote on 02/18/2009 08:51:08 PM: > The important points are that it is card specific entropy stored by > the IdP and never disclosed to RPs in any way.

Actually, this entropy needs to be treated as a secret and it should be [pseudo]random. The danger is not from RPs but from other cardholders from the same IdP.

Regards,
Mike

Follow-Ups:
- Re: [imi] Hopefully last change to the IMI spec before producing aCommittee Draft
  - From: John Bradley <jbradley@mac.com>

References:
- Hopefully last change to the IMI spec before producing a CommitteeDraft
  - From: Mike Jones <Michael.Jones@microsoft.com>
- Re: [imi] Hopefully last change to the IMI spec before producing aCommittee Draft
  - From: Anthony Nadalin <drsecure@us.ibm.com>
- Re: [imi] Hopefully last change to the IMI spec before producing aCommittee Draft
  - From: John Bradley <jbradley@mac.com>