On Friday, 15 January 2010 14:48:30, Viktor TARASOV wrote:
> Any objections?

looks good.


> for a new pkcs15 object of a given type
> the file index is chosen as a first value in the range from 'file-id' to 'max-id',
> excluding the values that are already assigned to the file indexes of the existing
> pkcs15 objects of the same type.

hmm. I wonder about two things:
a) why check "of the same type" only? sure, normally you wouldn't find
   a conflict, but if it is easy to check if there is anything with the
   filename you want to create, it would be best to take the next one.
b) for the first of each kind it is best to look at the profile.
   but what about the second of some kind? wouldn't it be better to mimic
   the object already installed? for example copy the filename (but increase
   by one) and copy the ACL settings?

this could help with cards not initialized with opensc - if they put e.g.
a certificate in some subdirectory, then opensc would follow that logic.

but maybe this would be too complex, hard to implement or could cause more
problems if people try to mix opensc with other software, than it is worth.

> Later, I would like to add the possibility for the card-specific
> pkcs15init to implement its own procedure (something like existing
> 'select_key_reference' for the keys).

seems to be a good idea. at least moving the current implementation
to be the new default and going through the framework for this stuff
would be nice, so we have the system and framework set up for 0.12,
even if no card uses it with the first release.

Regards, Andreas
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
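
An added example, not part of the original message and not OpenSC code: the first-free file id selection quoted above, with a flag that switches between the "same type only" check and the any-object check raised in point (a). The struct, enum, function name and the 0x34xx file ids are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Hypothetical, simplified stand-ins; these are not OpenSC's structures. */
enum obj_type { OBJ_PRKEY, OBJ_PUBKEY, OBJ_CERT };

struct obj {
    enum obj_type type;
    unsigned file_id;            /* 16-bit file id already used on the card */
};

/* Constructed card contents: two certificates, plus a public key whose
 * file id lies inside the range the profile gives to certificates. */
static const struct obj sample_card[] = {
    { OBJ_CERT, 0x3401 }, { OBJ_CERT, 0x3402 }, { OBJ_PUBKEY, 0x3403 },
};

/* First id in [file_id, max_id] that no existing object uses, or -1 if the
 * range is exhausted. same_type_only=1 is the rule as quoted above;
 * same_type_only=0 is point (a): an id used by any object counts as taken. */
long pick_file_id(const struct obj *objs, size_t n, enum obj_type type,
                  unsigned file_id, unsigned max_id, int same_type_only)
{
    if (file_id > max_id)
        return -1;
    for (unsigned id = file_id; ; id++) {
        int taken = 0;
        for (size_t i = 0; i < n && !taken; i++) {
            if (same_type_only && objs[i].type != type)
                continue;
            taken = (objs[i].file_id == id);
        }
        if (!taken)
            return (long)id;
        if (id == max_id)        /* stop here so id++ cannot wrap */
            break;
    }
    return -1;
}

int main(void)
{
    size_t n = sizeof sample_card / sizeof sample_card[0];
    printf("same type only: %04lX\n",
           (unsigned long)pick_file_id(sample_card, n, OBJ_CERT, 0x3401, 0x3404, 1));
    printf("any type:       %04lX\n",
           (unsigned long)pick_file_id(sample_card, n, OBJ_CERT, 0x3401, 0x3404, 0));
    return 0;
}
```

With the same-type check the new certificate is assigned the id the public key already occupies; with the any-object check it moves on to the next free id.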