On 12/31/08, Jeffrey Hutzelman wrote:
> > * private data objects were not implemented securely: the
> > old code stored them with a flag "ask for the pin", but did nothing to
> > protect the data, thus everyone can read it. The new code sets the
> > access control right for such data objects
Jeffrey Hutzelman wrote:
> Incidentally, it is arguably time to change the DELETE ACL's on PIN
> and key directories in the cryptoflex and cyberflex access profiles
> to $SOPIN instead of NONE. Anyone have a comment on this?
Sounds good. Please do.
//Peter
__
--On Wednesday, December 31, 2008 09:07:52 AM +0200 Alon Bar-Lev
wrote:
>> Are they actually supposed
>> to be private, per PKCS#15? None of the profiles I looked at do this;
>> are you updating them all, or just cryptoflex?
>
> The PKCS#15 implementation already supported private data object
--On Sunday, December 28, 2008 06:47:46 PM +0100 Andreas Jellinghaus
wrote:
> here is a preview for opensc 0.11.7:
> http://www.opensc-project.org/files/opensc/testing/opensc-0.11.7-pre1.tar
> .gz
>
> this new version has a number of changes for security:
> * lock_login is now on as default. if
here is a preview for opensc 0.11.7:
http://www.opensc-project.org/files/opensc/testing/opensc-0.11.7-pre1.tar.gz
this new version has a number of changes for security:
* lock_login is now on as default. if you want to run thunderbird and firefox
at the same time, both with smart card support, yo
