Hi! > > I don't think that's enough? It doesn't matter if the card trusts the CA, > > it's that the CA has to trust the card.
> Difficult to do more with the common cards. As Andreas said, the German identity card (nPA) has this functionality (BSI TR-03110). A whole bunch of technical guidelines (TRs) describe every entity and process needed. Services that use the ID card for online authentication and identification are already available. What Andreas did not mention is that a card's key is actually shared among multiple cards for privacy reasons. This makes revocation a bit difficult. So for the nPA we will soon see chip individual keys and/or group signature schemes. Cheers, Frank.
pgpTxT2N9kdXh.pgp
Description: PGP signature
_______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel