On 2012-11-15 08:56, Andreas Schwier wrote: > Does the API matter anyway ? > > No, it's the functionality the TEE provides: Generate, store, maintain > and use cryptographic material and do all kinds of risk management. And > these functions do not really require web service and overloaded APIs. > They require APIs that are consistent, simple to implement and simple to > be security evaluated. An ISO 7816-4 API is not an elegant API, but is > has been around for a long time, people understand it and it does what > it is supposed to do.
There's a fly in the soup. The smart card industry haven't after all these years been able establishing an enrollment system for the web. I.e. there is nothing to build on really so we might as well start from scratch. Another hurdle is that the GP security model is incompatible with the Internet: GP presumes mutual authentication AFAIK. This is how the Google Wallet currently works (Google holds the master keys to the SE) but that's not really cutting it. Anders > > I would love to see a CC certified TEE that has an embedded JavaCard VM > with lots of memory and sufficient processing power. > > Andreas > > Am 15.11.2012 00:13, schrieb Peter Stuge: >> Anders Rundgren wrote: >>> http://www.theregister.co.uk/2012/11/13/trustzone_company >>> >>> Smart cards? Don't think so. >> TrustZone isn't half bad hardware. >> >> But I bet that the solution they come up with will still use exactly >> the same old APDUs, with just a minimum bolted-on, in order to make >> something that just barely works. >> >> >> //Peter >> _______________________________________________ >> opensc-devel mailing list >> opensc-devel@lists.opensc-project.org >> http://www.opensc-project.org/mailman/listinfo/opensc-devel > > _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
