From: Alon Bar-L. <alo...@gm...> - 2015-11-13 11:29:46
On 13 November 2015 at 13:06, David Woodhouse <dw...@in...> wrote:
<snip>
> Such an approach would probably be outside the scope of OpenSC; it
> lives in a more generic PKCS#11 management tool, such as p11-kit. Which
> does indeed already have RPC facilities.

David, please stop trying to push p11-kit to people, it is a problem not a solution.

The PKCS#11 spec clearly states how it should behave in a multi-application environment. OpenSC's PKCS#11 provider does not comply with this and other requirements, unless configured to use insecure mode.

It is a long-pending issue; I documented it explicitly 7 years ago[1] so people will be aware. It is one of the reasons why the opensc framework cannot be used in real life.

There are solutions, I outlined several of these in the bug, any of them requires significant effort within what was then the implementation, maybe there is a change.

All solutions should assume another application (also non PKCS#11) can also share the card.

Regards,
Alon

[1] https://www.opensc-project.org/opensc/ticket/186