Does anyone really wonder why the European card model never gets beyond
the "Hey, kids! Let's write another smart card standard!" stage?
Trust is not transitive. The only multitrust token that will ever fly is the white
card.
The TCPA architecture and Global Platform finally got it right. The card holder
is the card issuer.
IMHO, as always.
Cheers, Scott
-----Original Message-----
From: Peter Tomlinson [mailto:[EMAIL PROTECTED]
Sent: Sun 1/11/2004 6:41 PM
To: [EMAIL PROTECTED]
Cc:
Subject: Re: [Muscle] muscle applet deletion of keys, change of parms
Work that I did for the eEurope Smart Cards GIF project last year took on
board for editing a set of documents put together by a group of experts who had
discussed national ID card scheme requirements across Europe. They came to the
conclusion that a central administration (i.e. govt) would take to itself the roles of
card issuer, application issuer, personal certificates issuer and key pair generator -
and that the certificates in the card would never have their keys changed. If a key
was to be revoked, the card would be re-issued. However, that would not stop a third
party loading a second PKI app onto the card, probably using attribute certificates,
and capable of having certificates deleted and new ones added.
See OSCIE GIF at www.eeurope-smartcards.org - click on OSCIE Index and
download Volume 3.
Peter
----- Original Message -----
From: Peter Williams <mailto:[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Sent: Sunday, January 11, 2004 5:21 PM
Subject: Re: [Muscle] muscle applet deletion of keys, change of parms
<Take peter Williams list of assumptions as read>
/
_______________________________________________
Muscle mailing list
[EMAIL PROTECTED]
http://lists.musclecard.com/mailman/listinfo/muscle
