On 2010-07-15 12:24, Jean-Michel Pouré - GOOZE wrote: > On Thu, 2010-07-15 at 11:50 +0200, Anders Rundgren wrote: >> It always felt like a good idea creating a card-edge standard >> for tokens that only are used for login etc. > IMHO, OTP (One Time Passwords) generators, following OATH standard, is a > very nice solution as regards single logon. It cannot be more simple and > users don't have to physically connect the token to any hardware. > Exactly! This is why EU banks have [generally] settled on OTP rather than PKI.
My intention is making consumer-PKI more realistic by (long-term) eliminating the need for proprietary middleware so that PKI-cards become like SIM-cards, not forcing consumers to download "drivers". MSFT claims that the "MiniDriver" is the solution but the MiniDriver is just a thin abstraction of a card-specific interface, not a card-edge standard. In addition, it doesn't support provisioning AFAICT. Going back to OTP and OATH, the solution I'm working on is targeting this in mobile phones since they are everywhere. It is "only" a de-facto standard for getting the OTP seeds on-board that is missing :-) Try it out: http://keycenter.webpki.org Anders _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel