http://www.redhat.com/docs/manuals/cert-system/admin/7.2/Administration_Guide-Token_Processing_System-Enrolling_Smart_Cards_through_the_Enterprise_Security_Client.html
Just in case somebody still believes that Firefox's and HTML5's <keygen> has
any smart card utility except for a handful of enthusiasts....
That on-line provisioning of PKI hasn't become a "real" standardization item
(HTML5 WG didn't even bother with specifying requirements...) is because the
primary funders of standardization in this space (governments and banks), do
not regard on-line provisioning to end-users as a serious alternative. IMO
they are entirely correct!
However, this is not cast in stone but it is anything but simple to change; my
current plans include an eight-pass (!) protocol as well as considerable
reprogramming of smart cards:
http://webpki.org/papers/keygen2/secure-key-store.pdf
Although this project is just a hobby and thus runs slow as hell, it is still
faster than nothing which is currently the only known challenger :-)
Cheers,
Anders
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
