M.Hunstock wrote:
> Anders Rundgren wrote:
>> BTW, we still don't have a credible system for *remote* provisioning of
>> smart cards on any OS, so we shouldn't expect too much progress here
>> because PKCS #11 can't do that job actually!
> Why? What are you missing?
http://webpki.org/papers/keygen2/secure-key-store.pdf
"even if you buy a $100 card; it still doesn’t enable an on-line
issuer to verify that keys were actually created in the card"
The idea is to be able to create so-called "hard" certificates using "soft"
methods, which has numerous applications, with mobile phones as the #1 target.
The SIM-vision has proven to be practically useless for reasons like ownership,
business model and limited space.
I recently upgraded the concept so that it can be applied to enhanced smart cards
to more easily reach critical mass.
So it is not PKCS #11 that is lacking stuff, it is the entire ecosystem from
protocols, middleware, to cryptographic containers.
This may look like a truly suicidal mission but I think it may turn out to
be easier to do something new than trying to "upgrade" stuff that was
conceived in another time and for another purpose! At least you don't
have to worry about backward compatibility[*] since there is none :-)
Anders
[*] Key "execution" is unaffected, it is the rest that is "broken".
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto