Hi Nelson,

Smart cards are essentially never provisioned using <keygen> except
in very local instances such as within an organization.

Why is that?  Because it doesn't work.  None of the makers of
smart cards have invested a single cent in a consumer-oriented
on-line provisioning scheme.  And if they ever would, it would be
entirely proprietary.

Anders

----- Original Message ----- 
From: "Nelson B Bolyard" <nel...@bolyard.me>
To: "mozilla's crypto code discussion list" <dev-tech-crypto@lists.mozilla.org>
Sent: Saturday, April 18, 2009 10:04
Subject: Re: The <keygen> element


Martin Paljak wrote, On 2009-04-18 00:51 PDT:

> FYI, Apple has made it virtually impossible to use smart cards with  
> Safari because of *requiring* such configuration on the client side  
> (host:port configuration for every certificate for every site where  
> you want to use it).
> 
> With Firefox I can configure my client once and my wife can use her  
> card in the same account by just changing the card in the reader. 
>
> With Apple, I can't do it as one Mac user account can have only one 
> certificate defined for a website profile. It might be a "privacy 
> enhancing" but it sure is a usability busting feature.

Martin, please tell us about your uses of smart cards.  Some info I'd
like to know includes:
- what kind of entity issued your smart card?
   government?
   bank?
   post office?
   employer?
   other?

Do you and your wife have cards from the same issuers? or different?
If different, what kind of entity issued her card?

How long have you had your cards?

How many different sites do your cards work with?
  1?  2?  5?  10?  etc?

How many times a week do you actually use your card for authenticating
to a web site?

Do you also use your card for other purposes, such as signed email?

TIA
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto