On Tuesday, 26 April 2011 at 16:38 +0300, Martin Paljak wrote:
> For the sake of purity, I don't think that --list-public-keys should
> display a fake public key object, which does NOT exist on the card in
> relevant PKCS#15 structures. But patches for documentation are most
> welcome.

I understand your point of view. 

1) IMHO the public key really exists on the card as soon as it derives
from the private key. This is the duality of asymmetric key encryption.

2) The discussion whether a public key should exist as an independent
object to be listed is secondary. From a user's point of view, we should
be able to ask "What are all available public keys?". What is important
is that users are going to use the public key.

Telling users "No, there is no public key" because of a technical issue X
is nonsense not only from a usage point of view but also in crypto.

3) Now about your question on deletion: clearly, virtual public keys
should not be deleted. You have to delete the private key.

4) To make a comparison, take the example of a driver and a car maker.
The car maker believes the car should not include the airbag because the
speed limit is 50 km. But drivers are going to drive faster than 50 km
as they need to go to work. So should we include an airbag or not? What
is important is what users are going to do with the car. So we really
need to stick to reality and get the airbag.

The same happens with OpenSC. People are going to use OpenSSH or VPN X/Y
and they need to know which public keys they are going to use, quickly.
Thinking they can access the OpenSC documentation and get educated is not
the right way to analyse the problem.

Kind regards,
-- 
                  Jean-Michel Pouré - Gooze - http://www.gooze.eu

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel