Frank Morgner wrote:
> > > But you can also accept the overhead and use standardized
> > > interfaces. This approach gives you support for a wide variety of
> > > applications and (existent) hardware/software.
> >
> > The *only* interface that matters is p11.
>
> This is not true in many regards.

On Tuesday, April 26 at 09:07PM, Peter Stuge wrote:
> Frank Morgner wrote:
> > But you can also accept the overhead and use standardized
> > interfaces. This approach gives you support for a wide variety of
> > applications and (existent) hardware/software.
>
> The *only* interface that matters is

On 26/04/2011 19:16, Anders Rundgren wrote:
> As far as I know not a single HSM (even those that cost $20 000)
> out there is able to certify that keys actually were created
> inside of the HSM!!! A $10-$20 SKS always attests the origin
> of created keys using a built-in device key and certificate

On 26/04/2011 15:19, Alon Bar-Lev wrote:
> Just wanted to note that exposing such a device to the IP stack makes it a
> target to hack,
That's why I'm quite reluctant to enable the Ethernet port on such a dongle.
> packaging is much more difficult.
I don't want to compete with $20k HSM. They use dedicated H

Frank Morgner wrote:
> But you can also accept the overhead and use standardized
> interfaces. This approach gives you support for a wide variety of
> applications and (existent) hardware/software.
The *only* interface that matters is p11. All the other crap is 30
year old legacy that the world wo

On Tuesday, April 26 at 08:34PM, NdK wrote:
>
> On 26/04/2011 18:51, Frank Morgner wrote:
>
> > You forgot to mention Virtual Smart Card Architecture
> Already seen that, but always "wrappers wrapped in other wrappers" :(
Well, it IS what you requested: CCID+virtual token.
> The architecture ca

On 26/04/2011 18:51, Frank Morgner wrote:
> You forgot to mention Virtual Smart Card Architecture
Already seen that, but always "wrappers wrapped in other wrappers" :(
The architecture can be greatly simplified: no need for APDUs
encoding/decoding, no need to handle card insertion/extraction, no

On 2011-04-26 14:55, NdK wrote:
> On 26/04/2011 12:41, Anders Rundgren wrote:
>> An unusual (unique?) aspect of the mentioned project is that
>> it is designed to be integrated in browsers.
> It aims at "client" security. My target is server security, so I don't
> have to leave .key files ar

On Tuesday, April 26 at 12:41PM, Anders Rundgren wrote:
>
> I don't know what you had in mind with a "USB P11 token"
> but in case you would like to participate in an effort
> making sort of a USB P11 token there is already a project
> to dig in to:
>
> http://webpki.org/auth-token-4-the-cloud.h

Just wanted to note that exposing such a device to the IP stack makes it a
target to hack, packaging is much more difficult.
Also, that in crypto caching is not a problem as 99.99% of time
the content of the crypto device is constant.
About using USB directly, well, I disagree... I see this much li

On 26/04/2011 12:26, Peter Stuge wrote:
> NdK wrote:
>> Fox Board ( http://acmesystems.com/ ).
> .it
Good catch :)
> I will probably get a gumstix board for another couple of projects,
> and might prototype on that. I'm not sure the final system should run
> Linux because it's a whole lot of

On 26/04/2011 12:41, Anders Rundgren wrote:
> I don't know what you had in mind with a "USB P11 token"
> but in case you would like to participate in an effort
> making sort of a USB P11 token there is already a project
> to dig in to:
> http://webpki.org/auth-token-4-the-cloud.html
Interest

On 26/04/2011 11:28, Alon Bar-Lev wrote:
>> Since speed is quite critical, I was thinking to use something like G20
>> Fox Board ( http://acmesystems.com/ ). It's surely not cheap (anyway it
>> can be WAY cheaper than other solutions), but it's tiny, fast (400MHz
>> ARM9), can work as USB dev

On 26/04/2011 13:47, Peter Stuge wrote:
> "forces local communications" makes no sense. If the device is
> connected via USB then it will be local regardless of which interface
> class it uses.
And you can even use UsbIP stack if you want...
> Maybe you will argue that it should implement CD

Alon Bar-Lev wrote:
> >> it would be better to emulate some standard interface, such as
> >> serial over USB.
> >
> > Absolutely not.
>
> I would not dismiss this entirely...
Yes, entirely. It is incredibly silly to create a protocol on top of
stream emulation on top of a protocol which is *ALREA

On Tue, Apr 26, 2011 at 1:23 PM, Peter Stuge wrote:
> Alon Bar-Lev wrote:
>> it would be better to emulate some standard interface, such as
>> serial over USB.
>
> Absolutely not.
I would not dismiss this entirely...
>> Serial over USB has the advantage to work on all modern operating
>> systems

I don't know what you had in mind with a "USB P11 token"
but in case you would like to participate in an effort
making sort of a USB P11 token there is already a project
to dig in to:
http://webpki.org/auth-token-4-the-cloud.html
If you take a deep peek in the extensive documentation
you will no

NdK wrote:
> Fox Board ( http://acmesystems.com/ ).
.it
> It's surely not cheap
I will probably get a gumstix board for another couple of projects,
and might prototype on that. I'm not sure the final system should run
Linux because it's a whole lot of code for a simple device and
because it does

Alon Bar-Lev wrote:
> it would be better to emulate some standard interface, such as
> serial over USB.
Absolutely not.
> Serial over USB has the advantage to work on all modern operating
> systems, including Windows (PKCS#11 only not mini CSP). While
> implementing all logic within userspace.

On Tue, Apr 26, 2011 at 11:45 AM, NdK wrote:
>> I was thinking microcontroller size, but if you're using a more
>> powerful USB device hardware that can run Linux then it could be
>> realized pretty quickly using softhsm.
> Since speed is quite critical, I was thinking to use something like G20
>

On 26/04/2011 09:51, Peter Stuge wrote:
> NdK wrote:
>> One of the projects on my TODO list (quite a long list :( ) is to
>> implement a suitable interface (CCID+virtual token? Could be better to
>> opt for something that doesn't require APDUs...) on an embedded system
>> w/ USB device interfa

NdK wrote:
> One of the projects on my TODO list (quite a long list :( ) is to
> implement a suitable interface (CCID+virtual token? Could be better to
> opt for something that doesn't require APDUs...) on an embedded system
> w/ USB device interface...
Right. This is the idea for a USB p11 token