On Tuesday 20 April 2010 07:45:41 Peter Stuge wrote:
> Andreas Jellinghaus wrote:
> > but I have no clue how to write a new usb protocol.
>
> Implementing a new USB device and driver is actually pretty easy.

device? driver? is that necessary? host, device or both?
it would be nice to create a stream socket over usb somehow, best with simple user space ioctls (i.e. directly using the interface) or libusb as alternative.

> One way to do SSL over USB would be to make the device into a USB
> network device, and just implement SSL on the device. Not great fun.

nah, you already need to address
* selecting readers (and listing what is there)
* select slots (and list what is there)
* slot status
* cards in range (for CL)
* select card (for CL)
* identification (replacement for ATR)

not sure how to map that to networking. I think it would be too complex.

> Instead of a plug and play device driver, setup might then require
> network configuration by the user, and probably a browser plugin.

it is easier to access a usb device I think than to ask for a network change. remember all the network details like firewalls, routing, routing software, IPSEC, VPN and other tunnels etc. so many components you would need to test to make sure you don't interfere with them.

> What on the PC side would be authenticated by the device?

well if each machine and each card has a certificate and key pair for direct authentication and they can establish a secured line (tls/ssl), that would be a good base. talk whatever protocol you want over that, for example to request some signature from other keys (one that needs the user to enter the pin e.g.), push PDFs for signing or whatever.

Regards, Andreas
