Jean-Michel Pouré - GOOZE wrote:
> On Mon, 2010-04-19 at 09:55 +0200, Anders Rundgren wrote:
>> Regarding what is ready and what's not, it is entirely clear that
>> card initialization is NOT READY for mass-market adoption.
>
> ?

This may be a non-issue for you and OpenSC, but please tell me how you enroll keys in your iPhone; it is essentially the same problem, although the iPhone is not a smart card. Like this?

http://na.blackberry.com/eng/ataglance/security/products/smartcardreader

That's a $200+ clumsy card reader requiring third-party software that typically breaks for each iteration of the mobile OS.

>> OpenSC
>> does currently not support end-to-end security initialization so IMO
>> it is not suitable as is and I also believe that the symmetric key
>> card solutions that you can buy are useless on the Internet.
>
> False. On Gooze.eu, I am writing a tutorial explaining how to use
> CAcert.org to manage smart cards, from initialization to revocation.

I wonder if we are talking about the same subject. I'm talking about establishing a secure channel between the card and the CA so that the CA actually knows that the key-pair was created in the card.

> I still believe you are working only on spec.

That's *almost* true, but the spec. is derived from hands-on experiences with cards as well as standardization efforts gone wrong due to the token vendors' focus on preserving "uniqueness", which is sort of the opposite of "interoperability".

> If you don't use smartcards,
> you are not going to understand what is currently available.

I use smart cards and they don't work as our customers expect them to, and I think they are right :-). I feel caught in the cross-fire between "system integrators". Passwords do not need this lot....

>
> Kind regards,

Agreed!

Anders