Martin Paljak wrote:
> On 05.05.2006, at 12:10, [EMAIL PROTECTED] wrote:
>> if the card doesn't support a logout functionality it's not an error
>
> Actually, when doing some debug testing with the Estonian eID card,
> threading and locking and so on, I found the fact that the default
> logout function always changes to MF somewhat annoying and not quite
> right for my case at least.

well the default logout function is based on the assumption that
changing to the MF clears the security state of the card

> Would it be a suggested practice to
> overwrite the default logout function for cards that might need it (like
> internal state is changed to not authenticated for example) ?

if there's a card specific way to reset the security state of a card
changing to the MF shouldn't be necessary (btw: I'm not even sure
whether it's a good idea to implement a default function for logout
as changing to the MF doesn't guarantee that the security state has
been cleared).

> It's easy
> to add a card function to override the default logout function, but I'd
> like to know something more about the feature in default ISO
> implementation and why it is there. When lock-login is false, for
> pkcs#11 implementation to call logout function when there is actually no
> *logout* requested does not seem right. logout could be called on
> disconnect maybe, but not after each transaction....

IMHO it's a security feature to clear the security state after the
transaction as we don't know who will access the card next (of course
it's not perfect but it's better than nothing ...)

Cheers,
Nils
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel