From: David W. <dw...@in...> - 2015-11-13 12:09:40

On Fri, 2015-11-13 at 13:29 +0200, Alon Bar-Lev wrote:
>
> PKCS#11 spec clearly states how it should behave in multi-application
> environment.
> OpenSC's PKCS#11 provider does not comply with this and other
> requirements, unless configured to use insecure mode.
> It is long pending issue, I documented it explicitly 7 years ago[1] so
> people will be aware.
> It is one of the reasons why opensc framework cannot be used in real life.

Hi Alon,

As ever, it's nice to hear from you.

I think you are quite right that this should be fixed in OpenSC... but it's been 7 years now since you documented it, and still it doesn't seem to be universally understood let alone show any signs of being fixed.

So perhaps it isn't entirely out of order to suggest how someone might work around it at a higher level. But I should have said 'work around' rather than 'solve'. Thanks for correcting me.

Note that there are plenty of implementations of PKCS#11 RPC. The one in p11-kit is only one of them.

--
David Woodhouse
Open Source Technology Centre
Dav...@in...
Intel Corporation