On 20/04/12 00:28 AM, helpcrypto helpcrypto wrote:
>> I can see where this difficulty is, I've worked on smart cards and it is ...
>> perverse. I'll see if I can explain it. As an aside I have no idea what
>> the NSS people think, I'm not speaking for them, and they don't typically
>> like what I say :) Apologies out of the way, onwards!
>
> This sounds promising!
>
>> Good smart card security models will have smart cards talking to smart
>> cards. To do that, they need some concept of communications, which is what
>> SMs are (I'm guessing here). (There are other ways, but as I say, this is
>> for explanation.)
>
> When communicating to a smartcard, you need to send "commands".
>
> "hello?"--->
> <---hello im card
> what mechanisms you provide?--->
> <---i do RSA 1024 key gen, sign and en/decrypt
> do you have RSA keys?--->
> <---yes, i have one
>
> SM just lets you wrap this communication, like SSL, to be unreadable
> (+avoid man in the middle...and so)
>
> So, don't think of cards communicating between them. This could be, but
> that is another part of the story.

The point is at the upper layers, the other party has to be trusted.
SMs ensure that the smart-card's counterparty is trusted.

SSL might offer that too. It does in principle, in marketing. But the
details matter too much for it to be reliable. For easy example, smart
cards typically don't do SSL. So there is some other agent between you
and the smart card that is "promising" to tell the smart card that you
are the trusted party.

That's generally not acceptable in the smart card world, because of the
economic logic I outlined - you chose a high security method, you have
to impose that same security over every step. End-to-end is not
decomposable into small components just because someone sold you a cheap
SSL connection with a bunch of marketing buzzwords.

>> Sure. But, that's a different level of security. Disk drives and signed
>> applets are moderate-to-boring. Smart cards are several cuts above that.
>> Just as an example, a proper security model would never let a user choose
>> low level things out of its trusted platform. E.g., "pay now" and "enter
>> pin" are good user things, "read cert" is not.
>
> This simplest level of security is what I'm talking about...forget the
> SM, forget other higher/complex things.
>
> This page is trying to get access to your smartcard, Do you allow this?
> No.

It ain't me :) It's Firefox. But the answer's the same - NO.

> (if you have a smartcard inserted on a reader, you "know" what a smartcard is)

No. The smart card reader *might know what a smart card is*. But it
cannot easily provide any guarantee of that. Specifically it cannot
provide any guarantee that it is not really just a USB cable to another
computer with a soft token on it.

(How does Firefox get around that failure? Well, once we've accepted
the word at the bottom, it should be clearer ...)

>> Maybe. You want the smart card to authenticate itself to you? I think.
>
> OMG...I really suck in English, isn't it?

No, not at all. It's just that you are leaping from prior assumption
"smart card is insisted on because it is high security" all the way to
your development priority "gotta get the code working regardless of the
security implications" without pause.

That involves some suckiness in wording, in any language, coz you are
dropping a promise made earlier.

>> There was also some mention of document signing. Yeah, I think I understand
>> that application ... and I'd say you haven't got a lot of hope there in
>> getting the smart card open for that via Firefox. How about a downloaded
>> app?
>
> Web. I'm looking for a web solution (better than Java, or being
> compatible with Java, at least)
>
> Now I start thinking I should hire a professional translator...

No, you need a secured browser. You need an entire team working in the
browser to build a proper security model, and expose that to a security
API on the website. Then you need to get that through PKIX :D and wait
over a decade before the others pick it up.

You are assuming that just because the browser happens to talk to a
smart card, the browser's security model is what you think it is. No
such luck.

One word: compromise.

That word describes Firefox's smart card model, as well as your own
position ;) It also describes why others (banks, EU, etc) have not
seemed to get this working.
iang
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
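The thread above makes two technical points: a host drives a smart card with plain commands (the "hello?" / "what mechanisms you provide?" exchange), and secure messaging (SM) wraps those commands so that the "other agent between you and the smart card" can neither read nor alter them. The following Python model, added here as an illustration and not code from the thread, from Mozilla/NSS or from any card vendor, shows both: the same "sign" command sent over a plain channel and over a toy SM channel, with an intermediary agent in the path. The card, its command set, the shared session secret, the SM framing (direction byte, sequence number, HMAC-based counter-mode stream, HMAC-SHA256 tag) and the keystream construction are all constructed for this example and do not follow any real card standard such as ISO 7816-4 secure messaging. How the host and card came to share the secret, i.e. the card authenticating itself to you, is exactly the step the thread says cannot be delegated, and it is assumed here rather than modelled.

```python
"""Toy host <-> smart card exchange, plain versus secure messaging (SM).

Constructed example: command names, key derivation and SM framing are
invented for illustration and are NOT a real card protocol.
"""
import hashlib
import hmac

# Assumed: host and card already share a session secret (establishing it,
# i.e. the card proving it is a card, is out of scope here).
SHARED_SECRET = b"constructed-session-secret"  # constructed, not a real key
TAG_LEN = 32


def _subkey(label: bytes) -> bytes:
    """Derive separate encryption and MAC subkeys from the shared secret."""
    return hmac.new(SHARED_SECRET, label, hashlib.sha256).digest()


ENC_KEY = _subkey(b"enc")
MAC_KEY = _subkey(b"mac")


def _keystream_xor(direction: bytes, seq: int, data: bytes) -> bytes:
    """Toy counter mode: HMAC-SHA256 as a PRF, keyed per direction and sequence."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = direction + seq.to_bytes(4, "big") + offset.to_bytes(4, "big")
        block = hmac.new(ENC_KEY, counter, hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def wrap(direction: bytes, seq: int, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC one SM frame: direction(1) || seq(4) || ciphertext || tag."""
    body = direction + seq.to_bytes(4, "big") + _keystream_xor(direction, seq, plaintext)
    return body + hmac.new(MAC_KEY, body, hashlib.sha256).digest()


def unwrap(expected_direction: bytes, last_seq: int, frame: bytes):
    """Verify the tag before touching the ciphertext; reject wrong direction and replays."""
    if len(frame) < 5 + TAG_LEN:
        raise ValueError("bad length")
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    if not hmac.compare_digest(hmac.new(MAC_KEY, body, hashlib.sha256).digest(), tag):
        raise ValueError("bad mac")
    direction, seq = body[:1], int.from_bytes(body[1:5], "big")
    if direction != expected_direction:
        raise ValueError("wrong direction")
    if seq <= last_seq:
        raise ValueError("replay")
    return seq, _keystream_xor(direction, seq, body[5:])


class Card:
    """Minimal card: answers the thread's questions and 'signs' a document digest."""

    def __init__(self) -> None:
        self.last_seq = 0  # highest SM sequence number accepted so far

    def execute(self, cmd: str) -> str:
        if cmd == "hello?":
            return "hello im card"
        if cmd == "what mechanisms you provide?":
            return "i do RSA 1024 key gen, sign and en/decrypt"
        if cmd.startswith("sign "):
            # Stand-in for an RSA signature: a truncated hash of the document.
            return "signed:" + hashlib.sha256(cmd[5:].encode()).hexdigest()[:16]
        return "error: unknown command"

    def execute_sm(self, frame: bytes) -> bytes:
        try:
            seq, cmd = unwrap(b"H", self.last_seq, frame)
        except ValueError as exc:
            return b"sm error: " + str(exc).encode()  # a real card returns a status word
        self.last_seq = seq
        return wrap(b"C", seq, self.execute(cmd.decode()).encode())


def meddling_agent_plain(cmd: str) -> str:
    """The 'other agent' between host and card: it can read and rewrite plain commands."""
    return cmd.replace("invoice-123", "invoice-999")


def meddling_agent_sm(frame: bytes) -> bytes:
    """Same agent on the SM channel: the command is unreadable, so it can only flip bits."""
    tampered = bytearray(frame)
    tampered[5] ^= 0x01  # first ciphertext byte
    return bytes(tampered)


def plain_session(meddle: bool) -> str:
    """Host asks the card to sign invoice-123 over a plain channel."""
    cmd = "sign invoice-123"
    if meddle:
        cmd = meddling_agent_plain(cmd)
    return Card().execute(cmd)  # with meddling, the card happily signs invoice-999


def sm_session(meddle: bool) -> str:
    """Same request wrapped in SM; tampering is detected by the tag check."""
    card, seq = Card(), 1
    frame = wrap(b"H", seq, b"sign invoice-123")
    if meddle:
        frame = meddling_agent_sm(frame)
    reply = card.execute_sm(frame)
    if reply.startswith(b"sm error:"):
        return reply.decode()
    _, plaintext = unwrap(b"C", seq - 1, reply)
    return plaintext.decode()


def replay_rejected() -> bool:
    """Re-sending a captured frame is refused by the sequence-number check."""
    card = Card()
    frame = wrap(b"H", 1, b"hello?")
    card.execute_sm(frame)
    return card.execute_sm(frame) == b"sm error: replay"
```

Run `plain_session(True)` and `plain_session(False)` to see the agent silently swap the document being signed; `sm_session(True)` returns `sm error: bad mac` instead, and `replay_rejected()` shows the sequence counter refusing a replayed frame. The tag is verified before any decryption and compared with `hmac.compare_digest`, which is the ordering a practitioner should insist on in any real SM implementation as well.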