Well, Believe it or not, cards and card middleware is the #1 problem with consumer PKI for banks for example.
Since crypto APIs do not use use files but APIs, P15 represents a detour. >From a related document I'm working on: Even if you buy a $100 card; it still doesn't enable an on-line issuer to verify that keys were actually created in the card! The reason for this is fairly simple: smart card production and personalization is almost exclusively performed in-house by specific staff and software. Conclusion: the smart card industry is working with dated designs that doesn't really scale. Tim: private keys are protected by a master key residing in EEPROM in the USB controller. Anders ----- Original Message ----- From: "Alon Bar-Lev" <alon.bar...@gmail.com> To: "Anders Rundgren" <anders.rundg...@telia.com> Cc: "Timothy J. Miller" <tmil...@mitre.org>; <opensc-devel@lists.opensc-project.org> Sent: Tuesday, May 05, 2009 21:31 Subject: Re: [opensc-devel] OpenSC's future relevance On 5/5/09, Anders Rundgren <anders.rundg...@telia.com> wrote: > P15 - Does not add value (except for consultants...) > 7816 and file systems - Ridiculous > Serial t0/t1 communication - Obsolete > Active card-readers - Why? > P11 - 10% is OK, the rest is rubbish You take a lot of efforts and take it lightly and superficial. If you don't understand something, it does not mean it is incorrect. You can argue the same about car design, go and build your own, only to find out why it was complex in the first place. Alon. _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
