Menu
▾
▴
Re: [Opensc-devel] Motives for OpenSC?
|
From: Andreas S. <and...@ca...> - 2013-08-17 10:25:59
|
Hi Anders, I fully agree with your position. If you look at the current design of popular smart card operating systems (other than plain JavaCards), then these contain an incredible amount of functionality, but only the basic cryptographic functions and a little PIN management is really used at the end. The same for standards: Why should I use a complex PKCS#15 structure to just describe the obvious: I have a user authentication mechanism, some administrative authentication, a set of keys and certificates. On the token/card level I do not need more than what is actually usable at the PKCS#11 level. This combined with a secure provisioning interface is what we had in mind with the SmartCard-HSM design. Keep it simple and stupid - but secure. The key question is how we get a common interface standard ? This is something the user rather than the supplier has to do. It doesn't work for vendor driven ISO standardization, but it works for user driven standardization like EMV or MRTDs. Andreas On 08/17/2013 07:10 AM, Anders Rundgren wrote: > When I look into the OpenSC mailing list I wonder if something isn't fundamentally broken. > > In the end (after provisioning) all smart PKI cards do more or less the same thing; > That is, performs a pretty well standardized RSA or EC operation. > > Wouldn't it be a better use of resources defining a standard PKI card where the operating system > vendors provide the *single* driver instead of relying on installation of third-part SW? > > With automatic updates (of OS and Token), you wouldn't be stuck with a specific design either. > The static structure of current PKI-tokens is extremely counter-productive. There are no security > issues doing firmware updates on-the-fly; it just requires a bit more memory in order to be robust. > > Naturally this wouldn't stop anybody from continuing creating "unique" cards but > a guess is that these cards would only attract a fraction of the market. > > Anders > > ------------------------------------------------------------------------------ > Get 100% visibility into Java/.NET code with AppDynamics Lite! > It's a free troubleshooting tool designed for production. > Get down to code-level detail for bottlenecks, with <2% overhead. > Download for free and get started troubleshooting in minutes. > http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk > _______________________________________________ > Opensc-devel mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/opensc-devel > |
