This is something I really hate:
http://www.evs.ee/product/tabid/59/p-165216-cents-15480-22007.aspx
Paying for *open* standards!
Anyway, this scheme will get hard competition from a lot of places including
the token vendors who certainly do not want to become replaceable like USB
memory sticks.
The IAS scheme also fails to address other important things like:
- Questionable support for other providers. How many credentials don't
we have these days?
- Card readers are still not a standard facility
- And of course; how does this relate to "iPhone" et al? Like this?
http://na.blackberry.com/eng/ataglance/security/products/smartcardreader
- Probably cannot be on-line provisioned in a credible way
This is the reason (shameless plug) why I still believe that an Open Hardware
project based on
http://webpki.org/papers/keygen2/secure-key-store.pdf and
http://www.atmel.com/dyn/products/tools_card.asp?tool_id=3879
in fact may turn out as a viable concept. It's not rocket science,
it is just plain old-fashioned engineering :-)
Anders
Jean-Marc Desperrier wrote:
Kyle Hamilton wrote:
> I'm not aware of any such profile. There is smart card profile
> but I doubt it has much to do with PKCS #11, it is rather about
> 7816.
You're right, PKCS#11.
http://www.usb.org/developers/docs/EH_MR_rev1.pdf
But what is "7861"?
He's referring to ISO7816, the set of smart card standards:
http://www.cardwerk.com/smartcards/smartcard_standard_ISO7816.aspx
But I didn't see even a reference to that in the document you refer to,
though USB smart card readers seem to be quite properly standardized,
so it certainly does exist.
The trouble is that each smart card uses specific commands, which
makes it impossible to go from ISO7816 to a universal pkcs#11 driver.
In Europe, we see the start of going out of that through the European
Citizen Card (ECC) standard "CEN TS 15480" and the IAS (Identification
Authentication Signature) service based on it that enable this time to
have a universal middleware, up to the pkcs#11 signature service
layer. Unfortunately, very few cards comply with this standard.
In case you are interested in some details about this IAS ECC thing,
here are a few pointers:
http://www.oberthurcs.com/press_page.aspx?id=211&otherid=112
http://www.gemalto.com/products/multiapp_id_ias_ecc
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto