On Jul 15, 2010, at 2:53 PM, Anders Rundgren wrote:
> On 2010-07-15 12:24, Jean-Michel Pouré - GOOZE wrote:
>> On Thu, 2010-07-15 at 11:50 +0200, Anders Rundgren wrote:
>>> It always felt like a good idea creating a card-edge standard
>>> for tokens that only are used for login etc.
>> IMHO, OTP (One Time Passwords) generators, following OATH standard, is a
>> very nice solution as regards single logon. It cannot be more simple and
>> users don't have to physically connect the token to any hardware.
>>
> Exactly! This is why EU banks have [generally] settled on OTP rather than
> PKI.

With authentication solutions you either roll your own (like OTP tokens) or re-use. PKI has in theory better scalability than OTP peering. Rolling out your own PKI apparently is more expensive than OTP.

> My intention is making consumer-PKI more realistic by (long-term) eliminating
> the need for proprietary middleware so that PKI-cards become like SIM-cards,
> not forcing consumers to download "drivers".
>
> MSFT claims that the "MiniDriver" is the solution but the MiniDriver is just
> a thin abstraction of a card-specific interface, not a card-edge standard. In
> addition, it doesn't support provisioning AFAICT.

Minidriver is a software solution, as good (or bad) as Tokend on OS X.

> Going back to OTP and OATH, the solution I'm working on is targeting this in
> mobile phones since they are everywhere. It is "only" a de-facto standard
> for getting the OTP seeds on-board that is missing :-)

Have you heard of GBA? http://en.wikipedia.org/wiki/Generic_Bootstrapping_Architecture

--
Martin Paljak
@martinpaljak.net
+3725156495