----- Original Message -----
Sent: Wednesday, December 01, 2004 5:08 PM
Subject: Re: [Muscle] A question about PKCS #11 for MUSCLE Card
Yes - session objects are mostly stored in the smartcard, in 99% of study cases.
But one cannot generalize from this, and make a simple factual answer.
All session objects could theoretically exist outside the cryptomodule: if the entire state of the card is serialized, persisted to a stream, and the stream is passed back and forth between client and applet instance. A User of PKCS11 will not know if this is happening. This design is not common; other designs focus on specific problems requiring session objects to NOT be stored in the smartcard:
If SSL asks PKCS11 to generate an ephemeral DH keypair, for example, the keypair could be exported through the PKCS interface to an off card data store. The key is a session object (in SSL terms), that exists for the duration of the SSL connection; if the PKCS token has no flash, the DH parameters may be downloaded to the card each time the card is reconnected to the SSL protocol engine. Similarly, the current MACs used in a run of the SSL protocol might similarly be downloaded, to "resume the session" once the card is powered-up, and a particular applet instance is selected.
----- Original Message -----
Sent: Wednesday, December 01, 2004 7:28 AM
Subject: Re: [Muscle] A question about PKCS #11 for MUSCLE Card
Excuse me for my bad English.
My question is very simple.
Where are the Session Objects stored?
In the Smart Card??
Matteo Ferrara
_______________________________________________
Muscle mailing list
[EMAIL PROTECTED]
http://lists.drizzle.com/mailman/listinfo/muscle