On Thu, Oct 18, 2012 at 9:48 PM, Douglas E. Engert <deeng...@anl.gov> wrote:
> So until FF and TB get the fixes, OpenSC-0.13.0 adds a new option to
> the opensc.conf file to cache the pin to accommodate older applications.
>
> pin_cache_ignore_user_consent = true;

Just a suggestion-question: OpenSC behavior in not caching the user consent PIN is logically correct, so why not disregard the user consent bit instead on the PKCS#15 object level?

IMHO it feels a bit weird that there is the PIN caching (to be turned on or off, on by default), then this mechanism that first disables PIN caching (user consent), then there is a mechanism that enables it again.

This would of course unfortunately mean crippling the semantics of the module (reporting a "normal" key when in fact it has CKA_ALWAYS_AUTHENTICATE implemented in the hardware). The real problem is the difficulty in exposing the different PKCS#11 hacks and tweaks to different applications in an easily managed way, with concurrent applications...

Just a thought.