Michael Ströder wrote, On 2008-11-27 06:02: > Anders Rundgren wrote: >> >> So what is then real problem? >> >> 1. The European Smart Card industry who do not want to become suppliers >> >> of commodities. >> >> >??? >> >Each time I talked to smartcard vendors they were keen on selling their >> >stuff. The more the better. >> >> You mean there is a standard blank smartcard that you can buy from >> multiple vendors that works right-out-of-the-box in most computer >> systems? Using what kind of standard personalization software? > > Different vendors have different smartcards but you can use them from > different applications through PKCS#11 and CAPI/CSP. The software > quality differs. > > You claimed that banks do not use PKI with smartcards for authc because > there's nothing available. I don't think so. The banks do not want to > get involved with supporting software/hardware installed at the user's > PC. You should look at the HBCI history.
I recently had lunch with a Swiss banking executive whose bank now supports two different USB hardware PKI token gizmos for authentication. As I recall, one is distributed and supported by the Swiss post office. The bank seems quite happy to support the devices, given that the bank is not the sole service to use it, and therefore does not bear the sole support burden. I have contacts in the former Soviet Union who claim that Russian banks now routinely require PKI hardware for authentication as a condition of online banking. How sad that I live is a nation that is such a technological back-water. :) _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
