Peter,
I sent this to Andreas and Nils, but it might help answer your
questions
Andreas Jellinghaus wrote:
Am Montag, 5. März 2007 23:37 schrieben Sie:
Any chance getting the patch for the PIV compression ticket #128
into this release?
I'm asking Nils for feedback. As far as I remember he had some comment /
change request for the code.
There where some issues with not testing for zlib, that would be easy to
add the #ifdef's. I think there where some comments about naming too.
Nils would know more.
but on the other hand - if the patch doesn't break anything - I prefer to
add code if noone has time to improve it. Work shouldn't be lost.
if I remember correctly, the code was done by the author of the muscle
driver.
He is one of the people from Identity Alliance. I believe Identity
Alliance was founded by David Corcoran. David's picture is on their web
site: http://www.identityalliance.com/ I believe he started Muscle as an
independent consultant. David has authored some of their PIV documents.
They have IdAlly, a Windows CSP, that can call PKCS#11 and can work with
OpenSC. So Identity Alliance is closely tied to OpenSC. Having the
ompression code added would make sure PIV was compliant.
When I wrote the original PIV code, there was a one line reference to
compressing which I left undone, as it was not clear how this was to be
done, or if would ever be done, so I did not add it.
But based on the patch and notes from Kennith Carrera, Also a consultant,
I believe, it looks like some cards are being issued with compressed
certificates.
did you test the code? does it work for you? or did anyone else?
Yes, to the effect that OpenSC still worked with uncompressed certificates.
Yesterday. I don't have a card with a officaly compressed certificate, but
I think Kennith does. Yesterday I started writing the code to add to
piv-tool to compress a certificate, and I expect to try that today, (its
7:00AM and I am at home) test the patch with it, build OpenSC on MacOS,
send Kennith an updated libopensc, so he can try with his compressed cert.
sorry that I have to ask, but > 10 test&respond cycles with the muscle
guys got me nowhere, their driver still does not work.
I don't think Identity Alliance is interested in Muscle much any more,
but have moved on to consulting with PIV, as the U.S. federal government
is trying to implement PIV. There is a lot of consultant work going on
in Washington DC. It is not clear (to me st least) who is doing Muscle,
and what its future as a mainstream smart card applet is.
My part in all this, is we have a lot of open source Unix systems, as
desktops and for PIV to be use able it has to be on the desktop.
Microsoft and Apple will provide PIV support for their systems, but
no one was doing anything for the Open Source systems. I am also the
past chair of the IETF Kerberos working group, and using PIV cards via
PKCS#11 with the Heimdal or MIT Kerberos PKINIT is a great way to
authenticate, even to Active Directory.
So I feel that it is important to get the compressed code in to the
next release of OpenSC to keep itcompatable. So if you can give me a
few days to try and pull this together...
Thanks.
Regards, Andreas
--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
