Shawn Willden wrote:

> Further support for my position! :-)
>
> I agree that card readers with integral PIN pads are much better for
> security, but with that improvement, PIN caching at the application level
> becomes impossible and it becomes even *more* important to have some
> mechanism to allow the card authentication state to persist over time and
> across applications while simultaneously preventing another user from
> hijacking the card.

What you are proposing means a developer must trust all the applications installed in the machines where its applications will run. That's a lot of trust. I believe the only thing someone can reasonably assume is that the OS installed on those machines will prevent any malicious attempt to circumvent the protection provided by the smart card middleware and that users will not run any evil code as root.

Regards,
Carlos

_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
