Hi Alon,
sorry I missed your response since it got filtered away without me
being aware.. Better late than never, I suppose..
On Mon, 2 Jul 2007 21:47:46 +0300
Alon Bar-Lev [EMAIL PROTECTED] wrote:
On 7/2/07, Bud P. Bruegger [EMAIL PROTECTED] wrote:
Hi Alon,
have you already made
But PKCS#11 is interactive API.
How do you suggest the response to be handled?
On 8/8/07, Ph. Marek [EMAIL PROTECTED] wrote:
Hello Alon!
Another idea I just had ...
If the forwarding driver supports serializing the PKCS#11-commands, how about
spooling them into some file, and replaying them
Another idea I just had ...
If the forwarding driver supports serializing the PKCS#11-commands, how
about spooling them into some file, and replaying them somewhere else?
This would allow disconnected smartcard initialization.
But PKCS#11 is interactive API.
How do you suggest the
On 7/2/07, Bud P. Bruegger [EMAIL PROTECTED] wrote:
Hi Alon,
have you already made progress in the implementation? I was very
interested in this since I'd like to write some non-traditional pkcs#11
module and I'd prefer to do that in python... I was wondering whether
the forwarding driver
On 7/2/07, Jim Rees [EMAIL PROTECTED] wrote:
We do something like this to translate kerberos tickets into cert/key usable
from pkcs11. But it only makes sense if you have some way to convince the
CA that it should sign the keypair and issue a cert. In our case that's
kerberos. Otherwise,
There is no getting around the enrollment trust problem. Most
sensible smartcard and PKI deployments handle this via an enrollment
ceremony that involves a face-to-face component.
-- TIm
On Jul 2, 2007, at 1:59 PM, Alon Bar-Lev wrote:
On 7/2/07, Jim Rees [EMAIL PROTECTED] wrote:
We do
On 5/10/07, Peter Stuge [EMAIL PROTECTED] wrote:
This depends on the definition of standard.
Secure shell is also a standard. The SSH agent protocol too.
SSH is, SSH Agent protocol is specific to implementation.
But what really matters is that the SSH agent protocol is already
implemented
Alon Bar-Lev wrote:
If all applications such as OpenSSL, GnuTLS, OpenVPN, OpenSSH, GnuPG,
KDE, Gnome, Mozilla etc... would have supported one interface, hence
PKCS#11, user will benefit from a secure environment.
Nowadays, a user should run about 5 separate agents on its machine in
order to
Hello Alon!
On Tuesday, 8 May 2007, Alon Bar-Lev wrote:
On 5/8/07, Ph. Marek [EMAIL PROTECTED] wrote:
I seem to remember having read about a pkcs#11 forwarding driver, which
allows to forward pkcs#11 calls eg. over a network - to use any pkcs#11
aware application (eg. firefox) with a
On 5/9/07, Ph. Marek [EMAIL PROTECTED] wrote:
That would be very good! If there's something I can help you with (eg.
testing), just ask -- I'll try to reserve some time for you.
That's great!
Do you have any implementation concepts/ideas? Or do you want to start them here?
Yes... Some thoughts:
On 5/9/07, Peter Stuge [EMAIL PROTECTED] wrote:
http://alon.barlev.googlepages.com/openssh-pkcs11
Yes, but that's not what I had in mind.
SSH already secures and forwards ssh-agent communication. It would be
more practical and possibly also more secure to have a proxy that
looks like an
Hello Alon!
On Wednesday, 9 May 2007, Alon Bar-Lev wrote:
Yes... Some thoughts:
1. The daemon will expose PKCS#11 interface as protected
authentication path, so that applications will not require to set PIN.
This will allow PKCS#11 single sign-on throughout several
applications.
2.
On Thu, May 10, 2007 at 07:33:21AM +0300, Alon Bar-Lev wrote:
It would be more practical and possibly also more secure to have
a proxy that looks like an ssh-agent
What is the difference between implementing proprietary proxy
interface, and allowing openssh to use standard PKCS#11
Hello everybody!
I seem to remember having read about a pkcs#11 forwarding driver, which allows
to forward pkcs#11 calls eg. over a network - to use any pkcs#11 aware
application (eg. firefox) with a smartcard being connected to another system.
Is that just a dream or does such a beast exist?
Wow,
you would have to implement any kind of client server protocol, that is
not part of pkcs11.
Hm, such a thing sounds very interesting...
regards
Cornelius
Ph. Marek wrote:
Hello everybody!
I seem to remember having read about a pkcs#11 forwarding driver, which
allows
to forward