On 01/05/2011 12:50 PM, Nelson B Bolyard wrote:
> On 2011-01-03 13:04 PDT, Anders Rundgren wrote:
>> Hi,
>>
>> I'm in the starting phase upgrading Firefox so that it can provision
>> credentials in a way that banks and governments require which
>> among many things include E2ES (End-to-End Security) and
>> issuer-specified PIN-codes (or just policies for user-defined dittos).
>>
>> The plan is mainly focusing on (enhanced) HW-tokens which NSS due
>> to its PKCS #11 heritage doesn't support with any of the above.
> I know a vendor of a product that includes tokens, pkcs#11 modules for
> Windows and Linux, and CA web site software, which product claims to have
> end-to-end (CA to token) security and (IIRC) Issuer-specified or issuer
> policy controlled PINs.

Yes, sort of. The tokens can have multiple PINs, but the PKCS #11 module only exposes a single PIN.

> IINM, it is claimed that all communication with
> the token is done through the PKCS#11 module.

Token provisioning is outside the PKCS #11 module. It uses GlobalPlatform secure channels to communicate to the card. The APDUs are specific for the card's applet.

> That vendor has at least
> one representative who participates occasionally here. Perhaps he can
> speak to how that product accomplishes what it does, and/or correct my
> misperceptions about the product, Bob.
>
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto