> I can see where this difficulty is, I've worked on smart cards and it is ... > perverse. I'll see if I can explain it. As an aside I have no idea what > the NSS people think, I'm not speaking for them, and they don't typically > like what I say :) Apologies out of the way, onwards!
This sounds promising! > Good smart card security models will have smart cards talking to smart > cards. To do that, they need some concept of communications, which is what > SMs are (I'm guesssing here). (There are other ways, but as I say, this is > for explanation.) When communicating to an smartcard, you need to send "commands". "hello?"---> <---hello im card what mechanisms you provide?---> <---i do RSA 1024 key gen, sign and en/decrypt do you have RSA keys?---> <---yes, i have one SM just let you wrap this communication, like SSL, to be unreadable (+avoid man in the middle...and so) So, dont think in card communicating between them. This could be, but that is other part of story. > Sure. But, that's a different level of security. Disk drives and signed > applets are moderate-to-boring. Smart cards are several cuts above that. > Just as an example, a proper security model would never let a user choose > low level things out of its trusted platform. E.g., "pay now" and "enter > pin" are good user things, "read cert" is not. This simplest level of security is what im talking about...forget the SM, forget other higher/complex things. This page is trying to get access to your smartcard, Do you allow this? (if you have an smartcard inserted on a reader, you "know" what an smartcard is) > Maybe. You want the smart card to authenticate itself to you? I think. OMG...i really suck in english, isnt it? > There was also some mention of document signing. Yeah, I think I understand > that application ... and I'd say you haven't got a lot of hope there in > getting the smart card open for that via Firefox. How about a downloaded > app? Web. Im looking for a web solution (better than Java, or being compatible with Java, at least) Now i start thinking i should hire a professional translator... -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
