On 13/02/14 21:13, Luis Ressel wrote: > You've got to sign an NDA to learn about the implementation of this > security device which is supposed to be open?
You need an NDA to get the SDK, and you can't disclose the source code for your application. You don't need the implementation details of a smartcard to write an application for it. Those NDA's are rather common in the smartcard world, where companies with a lot of money are worried you'll devise a way to watch pay-TV for free and such.[1] Although I think there's a trend towards more openness, and I learned a while ago that you can get crypto-capable JavaCards these days without requiring an NDA. HTH, Peter. PS: I might be off on the exact details, this is all from an interested observer's standpoint. [1] Yes, security through obscurity. And they need the obscurity, because the security often isn't all that well. Although they have to face the problem that DRM is defective by design, and what they're doing borders on DRM, so partly it's a fundamental problem. -- I use the GNU Privacy Guard (GnuPG) in combination with Enigmail. You can send me encrypted mail if you want some privacy. My key is available at <http://digitalbrains.com/2012/openpgp-key-peter> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
