Re: [opensc-devel] OpenSC 12.0
On Dec 21, 2010, at 1:50 AM, Andre Zepezauer wrote: > In other words, milestone 0.12.0 would be finished within the next view > days. Good, no objections about that. But having the ticket system in a > state, that reflects that fact would be nice too. According to the three > points above, that means either closing tickets or pushing them forward > to the next milestone. > > How it was handled in the releases before? It was not really handled systematically, as is visible from the quite many stale tickets from years ago. -- @MartinPaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] OpenSC 12.0
On Mon, 2010-12-20 at 22:49 +0200, Martin Paljak wrote: > Hi, > > On Dec 20, 2010, at 7:10 PM, Andre Zepezauer wrote: > > On Mon, 2010-12-20 at 17:42 +0200, Martin Paljak wrote: > >> Hello, > >> On Dec 20, 2010, at 4:58 PM, Brian Thomas wrote: > >>> I’m just wondering if anybody has a good estimation as to when OpenSC > >>> 12.0 will be released as final? > >> > >> There were some additional fixes to building without OpenSSL and with > >> Visual Studio [1]. Other than that, it seems to be ready. Unless there > >> will be other comments, it should be announced latest tomorrow evening. > > > > what's about the active tickets [2]. Should we try to reduce them to a > > minimum before the final release is announced? IMO not much would be > > left, if we would handle them as follows: > That would be nice, but if there's no feedback and it can't be independently > verified by somebody, it can just be left there for the defined grace period > and closed once it either times out or is claimed to be verified by somebody. > > > > 1. #216 #220 #269 #291 and maybe more could be closed if there where a > > final confirmation that states that things are working > #216 should probably get some feedback from Linux packagers to be finally > settled, but that's something that will be visible once 0.12.0 is out. > Apparently nobody volunteered to provide sample Debian packages... A > suggestion "Do your packages with pcsc-lite support by default" would > probably do good. But the issue is resolved by now, yes. For the rest the > previous comment should be sficient? > > > 2. moving all the enhancements/supports forward to 0.12.1, because it's > > unlikely that they get fixed in 0.12.0 > Support tickets should be discarded. As said, "support" category is only > meant for administrative categorization purposes.. > > > > 3. finding a solutions for all the remaining tickets. That could be: > > * fixing them now or > > * fixing them in 0.12.1 > Best effort basis for 0.12.X onwards. Should push out the 0.12 before > Christmas. In other words, milestone 0.12.0 would be finished within the next view days. Good, no objections about that. But having the ticket system in a state, that reflects that fact would be nice too. According to the three points above, that means either closing tickets or pushing them forward to the next milestone. How it was handled in the releases before? ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] OpenSC 12.0
Hi, On Dec 20, 2010, at 7:10 PM, Andre Zepezauer wrote: > On Mon, 2010-12-20 at 17:42 +0200, Martin Paljak wrote: >> Hello, >> On Dec 20, 2010, at 4:58 PM, Brian Thomas wrote: >>> I’m just wondering if anybody has a good estimation as to when OpenSC 12.0 >>> will be released as final? >> >> There were some additional fixes to building without OpenSSL and with Visual >> Studio [1]. Other than that, it seems to be ready. Unless there will be >> other comments, it should be announced latest tomorrow evening. > > what's about the active tickets [2]. Should we try to reduce them to a > minimum before the final release is announced? IMO not much would be > left, if we would handle them as follows: That would be nice, but if there's no feedback and it can't be independently verified by somebody, it can just be left there for the defined grace period and closed once it either times out or is claimed to be verified by somebody. > 1. #216 #220 #269 #291 and maybe more could be closed if there where a > final confirmation that states that things are working #216 should probably get some feedback from Linux packagers to be finally settled, but that's something that will be visible once 0.12.0 is out. Apparently nobody volunteered to provide sample Debian packages... A suggestion "Do your packages with pcsc-lite support by default" would probably do good. But the issue is resolved by now, yes. For the rest the previous comment should be sficient? > 2. moving all the enhancements/supports forward to 0.12.1, because it's > unlikely that they get fixed in 0.12.0 Support tickets should be discarded. As said, "support" category is only meant for administrative categorization purposes.. > 3. finding a solutions for all the remaining tickets. That could be: > * fixing them now or > * fixing them in 0.12.1 Best effort basis for 0.12.X onwards. Should push out the 0.12 before Christmas. Cheers. -- @MartinPaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Windows 7 support for PKCS#11 => mini-driver
On 12/20/2010 12:37 PM, Andreas Jellinghaus wrote: > Am Montag 20 Dezember 2010, um 15:35:31 schrieb Douglas E. Engert: >> On 12/20/2010 12:39 AM, Nikolay Elenkov wrote: >>> On 2010/12/20 15:23, Andreas Jellinghaus wrote: 2.) a PKCS-CSP such as the ID-Ally CSP, CSP#11 or PKCSCP - all these packages implement a CSP, but they don't talk to the smart card directly. Instead they load a pkcs#11 plugin to do that, such as opensc-pkcs11.so >> >> There is also coolkey, that can call PKCS#11. Works better with a few >> mods... > > Coolkey CSP is the open source'd ID Ally CSP as far as I know. > > The ID Ally CSP always worked well for me. I have used both as well. Coolkey CSP has: "Copyright © 2003-2005 Identity Alliance" It has not been updated since February 2007. http://www.directory.fedora.redhat.com/wiki/CoolKey says abount the coolkey PKCS#11 module: "In addition CoolKey PKCS #11 provides access to CAC cards, and in the future PIV compliant cards." Since The CAC cards are being phased out, in favor of dual CAC and PIV cards then to PIV only cards and Windows 7 has a built in PIV minidriver. it is not very likly that coolkey pkcs#11 will be updated. The coolkey CSP had hard coded in the name of the coolkey PKCS11 module. The mods I sent to OpenSC in 2009 addressed this issue as well as some others. The minidriver for OpenSC might be a good choice for OpenSC for other cards. > > Regards, Andreas > ___ > opensc-devel mailing list > opensc-devel@lists.opensc-project.org > http://www.opensc-project.org/mailman/listinfo/opensc-devel > > -- Douglas E. Engert Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Windows 7 support for PKCS#11 => mini-driver
Am Montag 20 Dezember 2010, um 15:35:31 schrieb Douglas E. Engert: > On 12/20/2010 12:39 AM, Nikolay Elenkov wrote: > > On 2010/12/20 15:23, Andreas Jellinghaus wrote: > >> 2.) a PKCS-CSP such as the ID-Ally CSP, CSP#11 or PKCSCP - all these > >> > >> packages implement a CSP, but they don't talk to the smart card > >> directly. Instead they load a pkcs#11 plugin to do that, such as > >> opensc-pkcs11.so > > There is also coolkey, that can call PKCS#11. Works better with a few > mods... Coolkey CSP is the open source'd ID Ally CSP as far as I know. The ID Ally CSP always worked well for me. Regards, Andreas ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] OpenSC 12.0
On Mon, Dec 20, 2010 at 19:21, Brian Thomas wrote: > All, > > I have one additional concern. With OpenSC version 0.11.13, the Muscle > applet appeared to work just fine. When I tried version 12, OpenSC does not > talk to the Muscle card at all: "Unsupported Card". Any words of wisdom? The problem with MuscleApplet is the number of variations it can be built as and the number of different cards it can be loaded to. From where did you get the source, how did you compile it, onto which card did you load it? Do you have a log of the APDU-s you used, or which OpenSC uses? ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Windows 7 support for PKCS#11 => mini-driver
Am Montag 20 Dezember 2010, um 07:39:43 schrieb Nikolay Elenkov: > On 2010/12/20 15:23, Andreas Jellinghaus wrote: > > 2.) a PKCS-CSP such as the ID-Ally CSP, CSP#11 or PKCSCP - all these > > > > packages implement a CSP, but they don't talk to the smart card > > directly. Instead they load a pkcs#11 plugin to do that, such as > > opensc-pkcs11.so > > Forgot all about those. Are any of those still supported? Last I checked > was maybe a couple of years ago and they were pretty much dead. ID Ally CSP worked ok for me. An open source version is available in redhat or fedora as coolkey CSP as far as I know. I haven't tried anything later than XP however, and did only basic testing back then. Regards, Andreas ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] OpenSC 12.0
All, I have one additional concern. With OpenSC version 0.11.13, the Muscle applet appeared to work just fine. When I tried version 12, OpenSC does not talk to the Muscle card at all: "Unsupported Card". Any words of wisdom? Thanks, Brian Thomas -Original Message- From: Andre Zepezauer [mailto:andre.zepeza...@student.uni-halle.de] Sent: Monday, December 20, 2010 11:11 AM To: Martin Paljak Cc: Brian Thomas; opensc-devel@lists.opensc-project.org Subject: Re: [opensc-devel] OpenSC 12.0 Hello Martin, On Mon, 2010-12-20 at 17:42 +0200, Martin Paljak wrote: > Hello, > On Dec 20, 2010, at 4:58 PM, Brian Thomas wrote: > > I’m just wondering if anybody has a good estimation as to when OpenSC 12.0 > > will be released as final? > > There were some additional fixes to building without OpenSSL and with Visual > Studio [1]. Other than that, it seems to be ready. Unless there will be other > comments, it should be announced latest tomorrow evening. what's about the active tickets [2]. Should we try to reduce them to a minimum before the final release is announced? IMO not much would be left, if we would handle them as follows: 1. #216 #220 #269 #291 and maybe more could be closed if there where a final confirmation that states that things are working 2. moving all the enhancements/supports forward to 0.12.1, because it's unlikely that they get fixed in 0.12.0 3. finding a solutions for all the remaining tickets. That could be: * fixing them now or * fixing them in 0.12.1 @All: Other ideas about how to handle the active tickets relating to 0.12.0? Regards Andre > [1] > http://www.opensc-project.org/opensc/log/trunk?action=stop_on_copy&mode=stop_on_copy&rev=4979&stop_rev=4961&limit=100 [2] http://www.opensc-project.org/opensc/query?status=assigned&status=new&status=reopened&group=status&milestone=0.12.0 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] OpenSC 12.0
Hello Martin, On Mon, 2010-12-20 at 17:42 +0200, Martin Paljak wrote: > Hello, > On Dec 20, 2010, at 4:58 PM, Brian Thomas wrote: > > I’m just wondering if anybody has a good estimation as to when OpenSC 12.0 > > will be released as final? > > There were some additional fixes to building without OpenSSL and with Visual > Studio [1]. Other than that, it seems to be ready. Unless there will be other > comments, it should be announced latest tomorrow evening. what's about the active tickets [2]. Should we try to reduce them to a minimum before the final release is announced? IMO not much would be left, if we would handle them as follows: 1. #216 #220 #269 #291 and maybe more could be closed if there where a final confirmation that states that things are working 2. moving all the enhancements/supports forward to 0.12.1, because it's unlikely that they get fixed in 0.12.0 3. finding a solutions for all the remaining tickets. That could be: * fixing them now or * fixing them in 0.12.1 @All: Other ideas about how to handle the active tickets relating to 0.12.0? Regards Andre > [1] > http://www.opensc-project.org/opensc/log/trunk?action=stop_on_copy&mode=stop_on_copy&rev=4979&stop_rev=4961&limit=100 [2] http://www.opensc-project.org/opensc/query?status=assigned&status=new&status=reopened&group=status&milestone=0.12.0 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] OpenSC 12.0
Hello, On Dec 20, 2010, at 4:58 PM, Brian Thomas wrote: > I’m just wondering if anybody has a good estimation as to when OpenSC 12.0 > will be released as final? There were some additional fixes to building without OpenSSL and with Visual Studio [1]. Other than that, it seems to be ready. Unless there will be other comments, it should be announced latest tomorrow evening. > Also, the Feitian FTCOS/PK-01C works with RC2 however, it appears that only > a single Pin for everything (user, Security Officer, PUK) is supported. Is > this true? Yes, AFAIK entersafe driver supports just a single PIN. [1] http://www.opensc-project.org/opensc/log/trunk?action=stop_on_copy&mode=stop_on_copy&rev=4979&stop_rev=4961&limit=100 -- @MartinPaljak.net +3725156495 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
[opensc-devel] OpenSC 12.0
Hello, I'm just wondering if anybody has a good estimation as to when OpenSC 12.0 will be released as final? Also, the Feitian FTCOS/PK-01C works with RC2 however, it appears that only a single Pin for everything (user, Security Officer, PUK) is supported. Is this true? Best Regards, Brian Thomas ITSEC Specialist Systems Engineer Astronautics Corporation of America 414-449-4223 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Windows 7 support for PKCS#11 => mini-driver
On 12/20/2010 12:39 AM, Nikolay Elenkov wrote: > On 2010/12/20 15:23, Andreas Jellinghaus wrote: > >> 2.) a PKCS-CSP such as the ID-Ally CSP, CSP#11 or PKCSCP - all these >> packages implement a CSP, but they don't talk to the smart card >> directly. Instead they load a pkcs#11 plugin to do that, such as >> opensc-pkcs11.so There is also coolkey, that can call PKCS#11. Works better with a few mods... See: http://www.opensc-project.org/pipermail/opensc-devel/2009-February/011905.html > > Forgot all about those. Are any of those still supported? Last I checked was > maybe a couple of years ago and they were pretty much dead. > ___ > opensc-devel mailing list > opensc-devel@lists.opensc-project.org > http://www.opensc-project.org/mailman/listinfo/opensc-devel > > -- Douglas E. Engert Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Windows 7 support for PKCS#11 => mini-driver
2010/12/20 Jean-Michel Pouré - GOOZE : > Le lundi 20 décembre 2010 à 09:08 +0200, Martin Paljak a écrit : >> AFAIK nothing has changed. I have not seen a signed and properly >> functioning PKCS#11-CSP bridge, available with source code. Maybe >> there are proprietary implementations, but I'm not aware of any. > > GOOZE is ready to give a bounty for working on a full implementation of > a PKCS#11-CSP bridge. Why not announce the bounty here on the list, together with success criteria and offered amount? From software design POV, I would not suggest to create such CSP but improve the minidriver instead. To not repeat what others have already said very well, I'd refer you to the first reply in the thread I linked in my previous e-mail. Nevertheless, it would be nice if somebody reanimated one of the PKCS#11 related CSP-s. Cheers, Martin. ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
Re: [opensc-devel] Windows 7 support for PKCS#11 => mini-driver
Le lundi 20 décembre 2010 à 09:08 +0200, Martin Paljak a écrit : > AFAIK nothing has changed. I have not seen a signed and properly > functioning PKCS#11-CSP bridge, available with source code. Maybe > there are proprietary implementations, but I'm not aware of any. GOOZE is ready to give a bounty for working on a full implementation of a PKCS#11-CSP bridge. Contact me on GOOZE for more information: https://www.gooze.eu/contact Kind regards, -- Jean-Michel Pouré - Gooze - http://www.gooze.eu ___ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
