--On Thursday, January 22, 2009 06:24:58 PM +0100 Andreas Jellinghaus <a...@dungeon.inka.de> wrote:
> my point of view is:
> there is not a single external driver that I'm aware of.
> thus we could remove the whole code for allowing external
> loadable drivers, as there are none, and that would simplify
> the code.

Yes, and then you could totally give up on providing a well-defined interface for drivers, and then people wouldn't be able to have separately-maintained drivers, whether or not we know or care about them. The Linux kernel people went that route, and it screws me more or less every day. So, more on principle than anything else, please don't do this.

> about the internal/external situation: our long term goal
> should be to allow only internal tools to use the internal
> api, and suggest using the pkcs#11 interface to everyone.

For applications, this is OK, more or less. I'm not sure that's good enough for tools that initialize cards, but it might be.

> the only one using the internal api is openssh, and it can be ported
> to pkcs#11

I'd like to see that.

> - alon has done that, but it is a part of a huge change that
> is unlikely to find many adopters (my personal guess - I think people
> like that ssh is very easy and simple, and adding x.509 results in a quite
> complex thing I guess).

ssh is not very easy and simple; it is a hugely complex protocol. That it looks easy and simple to its users is a testament to the excellent job many of its implementors have done.

Support for X.509 certificates in the SSH protocol is something that has been talked about from time to time, first in the SECSH working group (now concluded) and more recently on its still-active mailing list. I've also seen mention of interest in a couple of other places.

Note that getting _anything_ into OpenSSH is quite difficult; they are a bit overparanoid and, besides requiring adequate review, are sometimes very resistant to adding new functionality.

> I think we should discuss this scenario:
> is it ok if someone uses opensc, changes it as he likes, and publishes the
> resulting code and binaries - with one file only published as *.o (his new
> card driver)? I guess that captures the spirit of the LGPL quite nicely
> and is quite usable too. (but I have not checked the wording of the LGPL
> to find out if that is ok, and I'm no lawyer either...)

I think that _should_ be OK -- the interface between card drivers and the framework is or should be a natural boundary, and I think it's self-defeating to basically tell people they can't use opensc (or any open-source software) with particular hardware not because the vendor is unwilling to provide a driver, but because they are unwilling or unable to provide source.

I think it's also important to consider cases where there _is_ an open-source driver, but with a GPL-incompatible license.

-- Jeff