Am Dienstag 05 Mai 2009 21:26:50 schrieb Anders Rundgren: > Using a PKI API scheme you don't need to abstract anything or depend > on 400 pages P11 specs full with optional features making smart cards for > consumers a really messy story. It's about time ending this craze. > > P15 - Does not add value (except for consultants...) > 7816 and file systems - Ridiculous > Serial t0/t1 communication - Obsolete > Active card-readers - Why? > P11 - 10% is OK, the rest is rubbish
I agree, what we have is a very old design, noone would do it like this again these days. Also in general it didn't work out. > For PKI support you only need a rather tiny API. what kind of API? I still think the microsoft approach is the right direction - a high level API good enough, so that applications can be switched from filesystem based certificates to "smart card" based certificates etc. without changes to the application. (at least if the app writer didn't prevent that...). > I plan to implement such an API in consumer-grade USB memory sticks. why memory sticks? some people want to use smart cards, but insist on readers with display and pinpad for security reasons. I think the evolution might take us to pda/smart phone/similar devices - a device you already have and carry around with you, and you trust. (of course mobile phones aren't really secure right now, but I think software stacks like android have the right concepts to build on at least). I rather wonder: what would be the best way to relay the need for signing and decryption to the secure device? bluetooth, usb, wlan? what protocol? and only use a stupid protocol like "sign this hash", or wouldn't it be much better to forward the whole document (e.g.for a pdf signing), or also control other parameters (e.g. ssl session details, so the "none" cipher is not allowed, and the "secure device" can check the ssl server cert too)? I'm worried that - at least with linux - each app seams to have the same basics: ssl settings, crypto settings, list of root certificates and so on. that is a bad design from my point of view, you should not need to configure the same setting in many different places (e.g. turn off md5 if you want that). also for other protocols like ssh I think it would be nice to have security information (e.g. known_hosts file) on the security device too, so that information is shared between computers. having that information on each machine I use without a sync isn't so great. what do you think? what is the direction that secure authentication with a device should take? Regards, Andreas _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
