Alon Bar-Lev wrote:
> it would be better to emulate some standard interface, such as
> serial over USB.

Absolutely not.

> Serial over USB has the advantage to work on all modern operating
> systems, including Windows (PKCS#11 only not mini CSP). While
> implementing all logic within userspace.

The same is true for a vendor specific USB interface thanks to libusb.

Most importantly, the vendor specific interface allows to take full advantage of the packet based nature of USB and built-in structured communication. The protocol comes for free and does not need to be implemented on top of an idiotic stream emulation on top of a packet protocol.

> Serial over USB has also the potential to be a very secured
> implementation.

That's BS. No device class is more or less secure than any other. The only purpose of device classes is to bind a common driver to the device. In this case there exists no fitting driver, so vendor specific is the only correct choice. Or maybe you suggest exposing a PKCS#15 filesystem using MSC?

> And need to deal with channel encryption.... secured messaging is
> not this strong...

Encrypt away. No problem.

> After solving the above, it is all about PKCS#11 API serialization.
> Most of the PKCS#11 objects may be loaded into the host computer. Only
> private key operations should be serialized and sent to device in
> runtime.
>
> Proper definition of the communication interface of the device will
> enable people to provide compatible hardware.

Which would be great. I basically have PKCS#11 over USB in mind. There may need to be a few tweaks, but not too many I think.

//Peter