On Jul 1, 2010, at 09:59 , Jean-Michel Pouré - GOOZE wrote: > * More Mac OS X and GNU/Linux frontends Java is available on Linux and Mac OS X, which makes a Java front-end useful universally. From personalization perspective, pushing opensc-pkcs11 personalization capabilities to the limits it has not been designed for can be considered equal effort with Java based card drivers.
> It seems that Seahorse (Gnome) and Keychain (Apple) are the best > candidates to allow to manage smartcards. If you want to work on Keychain, you have to go work at Apple Inc. > Seahorse developers already received some cards, but they may need a > more direct help from OpenSC developers, just like GNUPG developers do. Feel free to provide that direct help if it is requested. Last time I read about it, GnuPG folks do NOT want smart card support in a way that would be useful or suggested by OpenSC (PKCS#11). > * USB key support beyond CCID > > It seems that MS Windows incorporates a mechanism which allows USB token > to work without driver. So there is probably a standard. It would be > nice to hear from that standard. >From where do you take this claim? (or which USB token works without a driver?) > In my opinion, the smartcard market is today very small, probably the > same size as 10 years ago. This is due to the development of security > stores in Mac OS X and GNU/Linux, which make users believe that their > keys are secure. Of course, not. I'm sorry, I guess 80% of users (if not 95%) don't care about smart card personalization (or maybe even smart cards). They use what they are forced to use. They complain if their company has windows-only tokens for VPN. Or if they can't use their eID card on Linux with Opera. Other than that, they just don't care. I can't envision anyone in my family or even many friends in IT sector to knowingly "want my own smart card" other than use eID to get to the carrot when requested or company credentials to get the monthly paycheck. On the other hand, I can envision companies and organisations wishing to distribute tokens for use with their products or services. In such cases, the number of people interested in personalization equals the tech department size of the company and the CEO who wants profit or CSO perspective who wants less fraud/intrusions/whatever. From user perspective, it does not matter how the keys get on the card, as long as the user gets the cookie he's after that requires that key with minimal fuss. From user perspective, applications like Firefox and OpenVPN are the ones that matter. Personalization in the form of "enrollment" is a different story, I'm sure Anders can write in lengths about online enrollment issues with <KEYGEN>. Again, here an applet based solution that can cater to both worlds (online services and local, single-user usage) is superior to a local application. What thrives smart card usage is the number of useful applications (that gets something done, faster and better than without smart cards, better in this context meaning more securely). OpenSC is mostly about asymmetric crypto which makes most sense in PKI, which makes most sense in a networked environment. This means services that can make use of PKI and applications that have support for using the keys of the PKI that reside in smart cards to facilitate those services. I don't know about any mass-market solutions that would make correct use of AES keys on a smart card for example. > Only a good frontends can convince users to buy token in > mass and therefore lower cost. You also disclose your connection: selling feitian cards. -- Martin Paljak @martinpaljak.net +3725156495 _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
