>> Smart cards are essentially never provisioned using <keygen> except
>> in very local instances such as within an organization.
>
>> Why is that? Because it doesn't work.
> I'm not sure what you mean "it doesn't work". We are using smart cards almost
> everywhere without a problem. We use keygen for generating the keys on
> the smart card. It works every time...perhaps you can explain where
> exactly the problem is?

Before going into details you/we need to set the scenery, otherwise we don't know what we are discussing.

Q: Why use smart cards?
A: Because they are convenient.
Wrong answer; issuers don't care about end-users, they care about protecting their business and enforcing their policy.

Q: How can an issuer know that the end-user is actually using a smart card?
A: It cannot, smart cards were never designed for "open" on-line provision.

Q: Can you host a multitude of keys in a smart card?
A: No, smart cards are typically designed for a single provider.

Q: Can you buy a card from anywhere and start provisioning it?
A: Yes, if you are an expert, otherwise not.

etc etc etc

Anders
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto