A very nice report. I agree with your findings about diversity of
authorization models :-)
for smart cards or usb tokens there of course don't exist any "enforced"
security models or backup models etc. One could discuss how it would be
possible to implement such models (using routines etc) in
2011/1/17 Rickard Bellgrim :
> On 17 jan 2011, at 12.56, Martin Paljak wrote:
>> From the report:
>> "For the test of the PKCS#11 interface (review point A.2) we used a
>> specially developed test tool called pkcs11-testing. If desired, please
>> contact the authors to obtain the source code."
>>
On 17 jan 2011, at 12.56, Martin Paljak wrote:
> Most smart cards, especially smart cards personalized by OpenSC, don't have
> very fancy and varying managing capabilities, comparable to HSM-s.
Yes, so you probably have to create another set of review points in this case.
> Yet an overall revi
Hello.
On Jan 17, 2011, at 11:41 AM, Rickard Bellgrim wrote:
> We have written a review of four different HSM:s (AEP, Safenet, Thales, and
> Utimaco) with focus on creating signatures for DNSSEC with the PKCS#11
> interface. Other topics was also addressed like the security model,
> administra
