* Antti-Juhani Kaijanaho ([EMAIL PROTECTED]) wrote: > Package: mozilla-opensc > Version: 0.11.1-2 > Severity: normal > > The Finnish national identity cards (FINEID) contain two secret keys: > one of them is for common authentication and the other is for > nonrepudiable signatures backed by law. These keys have different PINs; > PIN1 is for common auth and PIN2 is for signatures. > > It is obvious that PIN2 should only ever be requested when a signature > is needed. Therefore, asking for PIN2 when logging in to a website is > harmful. This is, however, what happens when using mozilla-opensc.
Any change in later versions? -- Eric Dorland <[EMAIL PROTECTED]> ICQ: #61138586, Jabber: [EMAIL PROTECTED]
signature.asc
Description: Digital signature
