2012/3/22 Anders Rundgren
> Somewhat related to the OpenSC organization discussions:
>
>
> http://www.globalplatform.org/documents/Consumer_Centric_Model_White_PaperMar2012.pdf
>
> I must confess I don't understand a thing of this, neither the business
> model,
> the consumer centric concept, or how it integrates in phones that doesn't
> permit
> changes in the internals except through routing or jail-breaking.
>
my view: all you need is authentication.
their view: no, that is only the start, they want to have applications
deployed on tokens, security policies, and whatnot.
at least they realize people buy their own smartphones and use them. now
they want people to buy their secure tokens and use them, and have a huge
ecosystem build on top of that. well, if that is a sign towards more
compatiblitiy: +1
but in general I still think complex on card systems are a failed model.
all you need is authentication, and the rest can be build much better, much
cheaper, much faster, much more secure as an online system.
Andreas
> Anders
>
> On 2012-03-22 10:33, Alon Bar-Lev wrote:
> > On Thu, Mar 22, 2012 at 12:03 AM, Peter Stuge wrote:
> >> Alon Bar-Lev wrote:
> >>> I will try again.
> >>
> >> Thanks! It really helps!
> >
> > I am glad!
> > Well, let's agree we do not agree... :)
> > At no point in time I argue that the gerrit is not a good tool, I
> > argue the methodology.
> >
> > Anyway, just last note I want to make...
> >
> > OpenSC is by far *NOT* a security project.
> >
> > Yes, that may sound surprising... :)
> >
> > OpenSC deals with security subject, that's true... hardware cryptography.
> >
> > But its origin mission was to provide access (USABILITY) to none
> > Windows (+ none proprietary) users to hardware cryptography, PKCS#15
> > and partially by reverse engineering.
> >
> > If we want OpenSC to be security project, we should probably rewrite
> > the whole thing from scratch. With different priorities, the code will
> > probably be completely different feature set will be smaller, and the
> > quality of the code will be higher, thus also the cost of
> > implementation and maintenance.
> >
> > Few years back, when I tried to push OpenSC enabled tokens to
> > enterprises, I found that I just cannot do that, mainly because of
> > this reason.
> >
> > I don't see this happening without sponsor and some full time developers.
> >
> > Maybe this is another issue that differentiate our views.
> >
> > I think there is a great value in current state of OpenSC to allow
> > people to [at least] use hardware cryptography, even if this is not
> > the perfect implementation, keeping it flexible enough to enlarge the
> > cycle of devices and users.
> >
> > Apart of the value of people can actually use their hardware, this
> > implementation will allow in future the necessary low level details in
> > order to do the rewrite.
> >
> > Alon.
> > ___
> > opensc-devel mailing list
> > opensc-devel@lists.opensc-project.org
> > http://www.opensc-project.org/mailman/listinfo/opensc-devel
> >
>
> ___
> opensc-devel mailing list
> opensc-devel@lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
___
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel