On Tuesday 21 March 2006 08:56, Ludovic Rousseau wrote:
> It may not be a good idea to send an APDU to a card that does not
> expect that APDU. For example my banking card will lock itself after
> receiving a few unknown APDU. This is to avoid an exhaustive search of
> supported APDU by the card (of course the supported APDU are not
> documented and the card application is "secret").
I'll refrain from commenting on just how braindead that is as an approach to
security. If there are cards out there that are configured that way (which
I'm not disputing, although I haven't seen them), then it may be better not
to have a default plugin by default. Perhaps there could be a configuration
option?
> Identifying a card (in fact an applet) using the card ATR is stupid.
> But I don't know better and _backward compatible_ way.
Agreed, there really isn't a good way.
Shawn.
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
