On 10/28/11 4:57, Werner Koch wrote:
> On Fri, 28 Oct 2011 11:10, mar...@martinpaljak.net said:
> 
>> PKCS#11 but also open source drivers (also free, in the sense of "free
>> software" vs "open source software") is as good excuse to reject PKCS#11
> 
> In 99 percent of all cases Open Source and Free Software describe
> software distributed under the same terms.  Thus it is not helpful to
> distinguish between them.

I had the impression that the distinction between FOSS and plain OSS
(and other even less-free options) was important, or the hypothetical
possibility of a misguided(?) user choosing a non-free or proprietary
PKCS#11 module over a free one would not be that important for GnuPG?


> Recall that not too long ago pkcs#11 was an interface consisting of some
> basic core functions with a lot of required proprietary extensions and
> many of them even shared the same function pointer slot.

Sorry, I might be too young for that. Yes, PKCS#11 is far from superior
(as a spec) and there are bad implementations and proprietary extensions
and whatnot. But a *lot* can be achieved with it (2.11+). Especially on
free Unices (which are not major players). Today, not 10 years ago.

> Meanwhile major players don't use it anymore for interop purposes but
> defined their own high level standard - similar to what GnuPG did.

For smart cards? You mean Minidriver(/CryptoAPI) in Microsoft world and
the now extinct Tokend(/CDSA) in OS X world? Why would somebody think
that Microsoft or Apple care about interop on *their* (proprietary)
platforms, with competing platforms?

With all due respect, I don't think that GnuPG is on par with Apple or
Microsoft in this matter. Especially for Linux (GNU/BSD etc) the closest
thing to an independent third party standard that many could agree upon
(in the spirit of GNOME vs KDE problems) in this field is PKCS#11.
Suggesting to use SCD instead of PKCS#11 is not realistic, it does not
bring us any closer to re-usable cryptographic hardware (be it smart
cards or HSM-s you can swap behind EJBCA).


Best,
Martin

-- 
@MartinPaljak
+3725156495
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography