Andreas Jellinghaus wrote: > 2.) I think those are better defaults, you think otherwise. > what does everyone else think about these changes? > my take is "doesn't work - ah, the card can't generate an > rsa key, so I need to turn on this option" won't happen very > often, because nearly every card can do that. even if so, > the user might understand this quite well. on the other hand > "you did what? generate the key on the pc?" is much harder > to explain - the usability might have worked for the user, but > explaining the security tradeoff and why it was necessary later > is a pain.
Agree with you Andreas. > so right now I'm happy at least we could find and fix a security > issue, and my plan is only to get some feedback whether that change > works, write a security advisory, and publish a new release. I think you're doing good work with OpenSC. //Peter _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel