From: David W. <dw...@in...> - 2015-11-13 11:06:46
On Thu, 2015-11-12 at 11:47 +0100, Frank Morgner wrote:
> Nobody is working on this. Could you state what you think the
> (security) problem currently is?

As I understand it, the problem is that once *one* client has authenticated to the device, other clients can make use of that authenticated state — there's no way for the device to know that actually this request is coming from a *different* client to the one that gave the correct PIN.

This depends on the applet in use, of course, and the way it communicates with OpenSC. Some might actually have digital signatures on each request, so that the rogue client *can't* make a request that looks like it came from the genuine client. Most don't.

One way to solve this problem might be to *enforce* exclusive access, by a single dæmon process. The actual users (the web browser, and the VPN client in Martin's case) would just use a simple PKCS#11 RPC module instead. Then all the session management is within *one* process and the problem should be easily solvable (and indeed should be handled correctly by the various existing implementations of PKCS#11 RPC).

Such an approach would probably be outside the scope of OpenSC; it lives in a more generic PKCS#11 management tool, such as p11-kit. Which does indeed already have RPC facilities.

--
David Woodhouse Open Source Technology Centre
Dav...@in... Intel Corporation
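
A toy model of the situation described in the message above, added here as an illustration; it is not code from OpenSC, p11-kit or the original post. `Token`, `Broker` and `client_id` are hypothetical names, the PIN and key are constructed values, and an HMAC stands in for the card's signing operation.

```python
import hashlib
import hmac


class Token:
    """Toy card: one login state shared by every caller, as in the mail."""

    def __init__(self, pin, key):
        self._pin, self._key, self.logged_in = pin.encode(), key, False

    def verify_pin(self, pin):
        # Simplification: a wrong PIN leaves an existing login untouched.
        ok = hmac.compare_digest(pin.encode(), self._pin)
        self.logged_in = self.logged_in or ok
        return ok

    def logout(self):
        self.logged_in = False

    def sign(self, data):
        if not self.logged_in:
            raise PermissionError("token: not logged in")
        return hmac.new(self._key, data, hashlib.sha256).digest()


class Broker:
    """Sole owner of the token; remembers which client presented the PIN."""

    def __init__(self, token):
        self._token, self._authed = token, set()

    def login(self, client_id, pin):
        if self._token.verify_pin(pin):
            self._authed.add(client_id)
            return True
        return False

    def sign(self, client_id, data):
        # The card cannot tell clients apart, so the broker must.
        # client_id stands in for the identity of the RPC connection.
        if client_id not in self._authed:
            raise PermissionError(f"broker: {client_id} has not logged in")
        return self._token.sign(data)

    def logout(self, client_id):
        self._authed.discard(client_id)
        if not self._authed:  # last authenticated client gone
            self._token.logout()
```

Calling `Token.sign` directly after any caller has verified the PIN succeeds for every caller, while `Broker.sign` refuses a `client_id` that never logged in itself.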