In message Sun, 19 Jun 94 10:50:14 EDT, Adam Shostack <adam@bwh.harvard.edu> writes:
Understood, but its not a matter of addressing 90% or the other 10%, its a matter of "Is the security gain in building a card that only hands out each number once worth cutting out 10% of the market?" I think that if you are worried about rouge code on your machine, you aren't going to run on a computer that can't protect its memory from random browsing. (I can still access all of a PC's memory from normal code, can't I?) Thus, building a PC card doesn't really afford you a gain in security if I can use my hostile code to read PGP's memory locations. If you agree with that, then there is no good reason not to build a serial port dongle, and include me in your potential customers. :)
I think I'm a bit confused. Your first post suggested that I was ignoring an important part of the market, and I acknowledge that this was delibrate. Now you seem to be arguing that the paranoia that I addressed in my fourth question is justified. I'd like more backup for this, as all I have is speculation at this point. I don't know if it is paranoia or prudence. Yes, if you are running DOS/Windows, you can address the world. Sigh. And lots of other/better OS fix this, but they haven't got the market penetration. So I'm back to addressing lots of folks, or a few ones with real computers and real operating systems. I'd rather not degrade into that religion, I started with TOPS-10 and moved to Tenex... The problem with the serial port dongles are: 1) while parallel port dongels are known technology, making it work on a serial port is more problematical. 2) Most PC serial ports are junk. Getting reliable data rates above 2400 baud is non-trivial for low end PCs. If I could claim that the users had to have 16560AFN uarts, or better, then I could get decent rates, but then I lose market size. 3) PCs typically don't have a spare serial port. It is interesting that my mail is so far favoring an internal board approach. Given that, and the forthcomming Plug-n-Plan spec from Microsoft/Compaq/Intel/... and the hidious hassles of seting up IRQs, port addresses, etc. Does this suggest that a Plug-n-play board would be more attractive? The key is that they would be more expensive, at least at first. Compaq probably has the volume that can allow the cost difference to be offset by lower tech support costs. I haven't got that volume yet. Pat Pat Farrell Grad Student pfarrell@cs.gmu.edu Department of Computer Science George Mason University, Fairfax, VA Public key availble via finger #include <standard.disclaimer>