Re: Smart Cards. Re: The element

2009-04-18 Thread Anders Rundgren
>And if you want a really detailed client-side smartcard provision you >could already implement this with a Java applet doing exactly what you want. The reason why I brought this to begin with is because this is what in fact the *majority* of big PKI deployments (0.5M and up) using "soft certifica

Re: Smart Cards. Re: The element

2009-04-18 Thread Michael Ströder
Anders Rundgren wrote: >> And in opposite to you IMO it's more the user's interest to use a secure >> key store. > > So you mean that banks and governments run their eID/PIV programs > because their customers and citizens have asked for it? Yes, here in Germany people do care about security of on

Re: Smart Cards. Re: The element

2009-04-18 Thread Anders Rundgren
>> Maybe you could enlighten us a bit on how an issuer using >> (which in Mozilla's implementation means connecting to a PKCS #11 driver), >> in some way can be assured that the user really is using a smart card rather >> than a file-based key-store? >Oh, come on! I know it's currently not possib

Re: Smart Cards. Re: The element

2009-04-18 Thread Michael Ströder
Anders Rundgren wrote: > Q: How can an issuer know that the end-user is actually using a smart > card? > A: It cannot, smart cards were never designed for "open" on-line > provision. > It all depends on the smartcard software and how it interacts with the enrollment so

Re: Smart Cards. Re: The element

2009-04-18 Thread Anders Rundgren
Q: How can an issuer know that the end-user is actually using a smart card? A: It cannot, smart cards were never designed for "open" on-line provision. >>> It all depends on the smartcard software and how it interacts with the >>> enrollment software. >> And if we stick to the initial

Re: Smart Cards. Re: The element

2009-04-18 Thread Michael Ströder
Anders Rundgren wrote: >>> Q: How can an issuer know that the end-user is actually using a smart card? >>> A: It cannot, smart cards were never designed for "open" on-line provision. > >> It all depends on the smartcard software and how it interacts with the >> enrollment software. > > And if we

Re: Smart Cards. Re: The element

2009-04-18 Thread Anders Rundgren
>> Q: How can an issuer know that the end-user is actually using a smart card? >> A: It cannot, smart cards were never designed for "open" on-line provision. >It all depends on the smartcard software and how it interacts with the >enrollment software. And if we stick to the initial subject, i.e.

Re: Smart Cards. Re: The element

2009-04-18 Thread Michael Ströder
Anders Rundgren wrote: > Q: Why use smart cards? > A: Because they are convenient. Wrong answer; issuers don't care about > end-users, they care about protecting their business and enforcing their > policy. E.g. (corporate) CAs do care about end-users. Otherwise costs in the helpdesk are rising.

Re: Smart Cards. Re: The element

2009-04-18 Thread Anders Rundgren
>> Smart cards are essentially never provisioned using except >> in very local instances such as within an organization. > >> Why is that? Because it doesn't work. >I'm not what you mean "it doesn't work". We are using smart cards almost >everywhere without a problem. We use keygen for generati

Re: Smart Cards. Re: The element

2009-04-18 Thread Eddy Nigg
On 04/18/2009 11:21 AM, Anders Rundgren: Hi Nelson, Smart cards are essentially never provisioned using except in very local instances such as within an organization. Why is that? Because it doesn't work. I'm not sure what you mean with "it doesn't work". We are using smart cards almost

Re: Smart Cards. Re: The element

2009-04-18 Thread Eddy Nigg
On 04/18/2009 11:21 AM, Anders Rundgren: Hi Nelson, Smart cards are essentially never provisioned using except in very local instances such as within an organization. Why is that? Because it doesn't work. I'm not what you mean "it doesn't work". We are using smart cards almost everywhere w

Smart Cards. Re: The element

2009-04-18 Thread Anders Rundgren
Hi Nelson, Smart cards are essentially never provisioned using except in very local instances such as within an organization. Why is that? Because it doesn't work. None of the makers of smart cards have invested a single cent in a consumer-oriented on-line provisioning scheme. And if they eve