2009/5/2 Anders Rundgren <anders.rundg...@telia.com>: > A while ago I received this from a German ETSI rep: > > What I could offer is a short paper at > http://www.ecsec.de/pub/2008_Sicherheit.pdf , > which sketched such a mapping to MSS standardized by ETSI and the > specifications > of the eCard-API-Framework > (http://www.bsi.bund.de/literat/tr/tr03112/index.htm, > unfortunately in German, but there will be English translations coming > soon). > > To me it seems that BSI is looking for Java Card 3 functionality which means > web services rather than 7816. > > I'm personally going in the opposite direction using extremely simple > low-level > commands making the HW requirements even less than today with the goal of > making PKI support a built-in feature in consumer devices such as USB memory > sticks and mobile phones. The need for an externally visible file-system in > a smart > card does not appear logical; none of the current crypto APIs need that. > > JavaCards seem like a solution for specific things like stored-value schemes; > for PKI support Java doesn't bring anything to the table as far as I can tell. > > Thoughts?
I see 2 different paths regarding smart cards and PKI for the future in IT: - Microsoft and its Base CSP (Cryptographic Service Provider). The idea is to have a large part of the smart card PKI in a common module called Base CSP and a "small" part dedicated to a smart card called Vendor Card Module. See [1]. - eGovernement cards. These solutions are complex and pushed by card vendors since they will be able to sell complex/expensive cards. And also from other worlds: - Telecom SIM cards. EAP-SIM and EAP-AKA [2]. They are not PKI AFAIK. - Bank cards using PKI inside EMV scheme. So for the free software world the future may be to implement a PKCS#11 layer above the CardMod.h from Microsoft or a similar API. It would also be great if governments funded projects (eGov cards) were available as free software. Citizen already paid for the software through taxes. Bye [1] http://blogs.msdn.com/shivaram/archive/2005/11/30/498134.aspx [2] http://en.wikipedia.org/wiki/Extensible_Authentication_Protocol#EAP-SIM -- Dr. Ludovic Rousseau _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
