From: Oscar Jacobsson <[EMAIL PROTECTED]>
oscar> I think the design would be made needlessly complex by mandating this
oscar> scalability.
oscar>
oscar> The use cases needed for your smart card API would be, say: encrypt
oscar> this, decrypt this, sign this, verify this. This is what Cryptoki
oscar> (PKCS#11) does, and does quite well, in my experience.
oscar>
oscar> The use cases for a full-blown PKI repository, which I honestly thought
oscar> was what we were discussing, should probably include: find me the issuer
oscar> of this, give me the status of this, enumerate all my revoked
oscar> certificates. None of these would make much sense to the humble 8k card.

Actually, wouldn't the availability of functionality be somewhat up to
the plug-in as well? In the full-blown PKI, you will also have things
like "fetch me the cert corresponding to this name" and "fetch me the
key (or a handle to the key) with this fingerprint". From a storage
point of view, a smart card (or an nCipher box!) can very well be
viewed as a limited database. That it also has functionality like
symmetric ciphers, digests and pkc is beside the point and outside
this discussion.

The above means that in some cases, there may very well be a very
close connection between our current hardware engines and whatever
database plug-in framework we'll come up with, perhaps even to the
point of having the latter simply be an extension of the current
engine framework (I dunno if that's what everyone else has been
thinking of, but I certainly have from the start). This may be
confusing unless you keep your head straight and avoid mixing apples
and pears.
--
Richard Levitte \ Spannvägen 38, II \ [EMAIL PROTECTED]
Redakteur@Stacken \ S-168 35 BROMMA \ T: +46-8-26 52 47
\ SWEDEN \ or +46-733-72 88 11
Procurator Odiosus Ex Infernis -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/
Software Engineer, GemPlus: http://www.gemplus.com/
Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
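
Added example, not part of the original message and not OpenSSL code: a hypothetical storage plug-in table in which each back end decides which lookups it offers, as the reply above suggests. All type and function names and the sample data are assumptions made for illustration; the point shown is that an operation a small card does not provide is reported as unsupported and is never read as a "good" certificate status.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical storage plug-in interface (an assumption for this example,
 * not OpenSSL's ENGINE API). A NULL slot means "not offered by this back end". */
enum store_rc { STORE_OK = 0, STORE_NOT_FOUND = 1, STORE_UNSUPPORTED = 2 };
enum cert_status { CERT_GOOD, CERT_REVOKED, CERT_UNKNOWN };

struct store_plugin {
    const char *name;
    int (*cert_by_name)(const char *subject, const char **cert_out);
    int (*key_by_fingerprint)(const char *fpr, int *handle_out);
    int (*status)(const char *subject, enum cert_status *out);
};

/* Constructed sample data: a small card holding one cert and one key. */
static int card_cert_by_name(const char *subject, const char **cert_out) {
    if (strcmp(subject, "CN=example user") != 0) return STORE_NOT_FOUND;
    *cert_out = "<constructed certificate blob>";
    return STORE_OK;
}
static int card_key_by_fingerprint(const char *fpr, int *handle_out) {
    if (strcmp(fpr, "00:11:22:33") != 0) return STORE_NOT_FOUND;
    *handle_out = 1;  /* a handle only; the key itself stays on the card */
    return STORE_OK;
}

/* The card as a limited database: lookups yes, revocation status no. */
static const struct store_plugin smart_card = {
    "smart-card", card_cert_by_name, card_key_by_fingerprint, NULL
};

/* Front-end wrappers: a missing operation is reported, not guessed. */
int store_cert_by_name(const struct store_plugin *p, const char *s, const char **c) {
    return p->cert_by_name ? p->cert_by_name(s, c) : STORE_UNSUPPORTED;
}
int store_key_by_fingerprint(const struct store_plugin *p, const char *f, int *h) {
    return p->key_by_fingerprint ? p->key_by_fingerprint(f, h) : STORE_UNSUPPORTED;
}
int store_cert_status(const struct store_plugin *p, const char *s, enum cert_status *out) {
    *out = CERT_UNKNOWN;  /* fail closed: never default to CERT_GOOD */
    return p->status ? p->status(s, out) : STORE_UNSUPPORTED;
}

int main(void) {
    enum cert_status st;
    /* Exit 0 when the card reports status checking as unsupported. */
    return store_cert_status(&smart_card, "CN=example user", &st) == STORE_UNSUPPORTED ? 0 : 1;
}
```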