2009/10/4 Anders Rundgren <anders.rundg...@telia.com>: > I don't know what the purpose is with Online ATR parsing. Is it > about finding out the card's identity and type?
Yes. And also for knowing what information is contained in the ATR. If you don't see the purpose of parsing an ATR maybe you don't need this service. > I'm personally skeptical about using non-secured information obtained > over the Internet for security-related tasks which is the reason why I > began plotting with device certificates instead of ATR strings. An ATR is not secret. All the cards of the same type have the same ATR. > Device certificates (and associated private keys) do not only identify the > container but also vouch for that generated keys really were generated > in the card and not in software. In general they are "user" certificates, not "device". But that is a completely different problem. Bye -- Dr. Ludovic Rousseau _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
