>>>> Q: How can an issuer know that the end-user is actually using a smart card? >>>> A: It cannot, smart cards were never designed for "open" on-line provision. >>> It all depends on the smartcard software and how it interacts with the >>> enrollment software. >> And if we stick to the initial subject, i.e. <keygen>?
>For Mozilla prodcuts it depends how well the PKCS#11 module for a >certain smartcard is implemented. When looking at the OpenSC mailing >list much of the issues are with different smartcard file system >layouts. But that's a level below <keygen>. Maybe you could enlighten us a bit on how an issuer using <keygen> (which in Mozilla's implementation means connecting to a PKCS #11 driver), in some way can be assured that the user really is using a smart card rather than a file-based key-store? Anders -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
