On 2011-04-26 14:55, NdK wrote:
> On 26/04/2011 12:41, Anders Rundgren wrote:
<snip>
>> An unusual (unique?) aspect of the mentioned project is that
>> it is designed to be integrated in browsers.
> It aims at "client" security. My target is server security, so I don't
> have to leave .key files around. In case of server compromission, I only
> have to reinstall it, w/o having to revoke its certs.
> Actually, sort-of TPM module (I could even use TPM, but it's only
> available on some motherboards :( and I don't know how fast it can be).

It is true that the primary focus is on clients. However, the architecture is by no means limited to clients.

As far as I know not a single HSM (even those that cost $20 000) out there is able to certify that keys actually were created inside of the HSM!!! A $10-$20 SKS always attests the origin of created keys using a built-in device key and certificate.

With a planned addition to KeyGen2 you will be able to put certificates in devices (servers, routers, etc) using a SCEP-like process that (due to the device certificate) can be performed [securely] without an enrollment password.

>
>> Although maybe not exactly what you guys are looking for, the
>> prime target for the project are people who are NOT interested
>> in security or at least know very little about it! Since they
>> represent 99% of all users it looks a bigger market :-)
> They're not interested as long as their money isn't affected. If their
> money gets affected, then they become really interested :)
> My project is surely heavily overkill for a client. Just like a simple
> smartcard is not enough to handle SSL handshakes on a (moderately to
> heavily) busy https server.

SKS is a "simple smartcard". That it looks complex is because provisioning is really 10 times as complex as performing an "RSA Sign".

Cheers,
Anders

> BYtE,
> Diego.
> _______________________________________________
> opensc-devel mailing list
> opensc-devel@lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel