The URLs didn't work so I repost it and this time with a correct subject line...
This is something I really hate: http://www.evs.ee/product/tabid/59/p-165216-cents-15480-22007.aspx Paying for *open* standards! Anyway, this scheme will get hard competition from a lot of places including the token vendors who certainly do not want to become replaceable like USB memory sticks. The IAS scheme also fails to address other important things like: - Questionable support for other providers. How many credentials don't we have these days? - Card readers are still not a standard facility - And of course; how does this relate to "iPhone" et al? Like this? http://na.blackberry.com/eng/ataglance/security/products/smartcardreader - Probably cannot be on-line provisioned in a credible way This is the reason (shameless plug) why I still believe that an Open Hardware project based on http://webpki.org/papers/keygen2/secure-key-store.pdf and http://www.atmel.com/dyn/products/tools_card.asp?tool_id=3879 in fact may turn out as a viable concept. It's not rocket science, it is just plain old-fashioned engineering :-) Anders Jean-Marc Desperrier wrote: Kyle Hamilton wrote: I'm not aware of any such profile. There is smart card profile > but I doubt it has much to do with PKCS #11, it is rather about > 7816. You're right, PKCS#11. http://www.usb.org/developers/docs/EH_MR_rev1.pdf But what is "7861"? He's refering to ISO7816, the set of smart card standards : http://www.cardwerk.com/smartcards/smartcard_standard_ISO7816.aspx But I didn't see even a reference to that in the document you refer, thought USB smart card reader seem to be quite properly standardized, so it certainly does exist. The trouble is that each smart card uses specific commands, which makes it impossible to go from ISO7816 to a universal pkcs#11 driver. In Europe, we see the start of going out of that through the European Citizen Card (ECC) standard "CEN TS 15480" and the IAS (Identification Authentication Signature) service based on it that enable this time to have a universal middleware, up to the pkcs#11 signature service layer. Unfortunately, very few cards comply to this standard. In case you are interested in some details about this IAS ECC thing, here's a few pointers : http://www.oberthurcs.com/press_page.aspx?id=211&otherid=112 http://www.gemalto.com/products/multiapp_id_ias_ecc -- dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto -- dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
