Package: mozilla-opensc Version: 0.11.1-2 Severity: normal The Finnish national identity cards (FINEID) contain two secret keys: one of them is for common authentication and the other is for nonrepudiable signatures backed by law. These keys have different PINs; PIN1 is for common auth and PIN2 is for signatures.
It is obvious that PIN2 should only ever be requested when a signature is needed. Therefore, asking for PIN2 when logging in to a website is harmful. This is, however, what happens when using mozilla-opensc. -- System Information: Debian Release: 4.0 APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: amd64 (x86_64) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.18-4-amd64 Locale: LANG=fi_FI.UTF-8, LC_CTYPE=fi_FI.UTF-8 (charmap=UTF-8) Versions of packages mozilla-opensc depends on: ii libc6 2.3.6.ds1-11 GNU C Library: Shared libraries ii libopensc2 0.11.1-2 SmartCard library with support for ii libssl0.9.8 0.9.8c-4 SSL shared libraries ii zlib1g 1:1.2.3-13 compression library - runtime mozilla-opensc recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]