> I wonder how many smart card manufacturers would be willing > to give their source code to any government that requested it as > Microsoft is doing with their source code.
Jean-Luc Giraud notes ... >>> Doesn't it already happen for CC evaluations (at least to some extent)? AFAIK, no. What is submitted is a formal description of some sort with the sort depending on the level of CC you are going for. There is no cross-check that there is any software anywhere that matches the formal description let alone the software that is actually in the card that you hold. And even if the software in the card you hold did conform to the formal CC description, there is no cross-check that there isn't additional software in the card. Bottom line is that nobody but the card manufacturer knows the actual software load in the card and judging from the quality of smart card software on the market at times they have only a tenuous grasp. My point is that smart card software should be as transparent as cryptographic algorithms and that the card issuer and the card holder should have some means to assure themselves that what is in the actual card in their hand conforms to these descriptions. I do not buy the "secret sauce" argument. Cheers, Scott _______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.musclecard.com/mailman/listinfo/muscle
