On Thursday 23 March 2006 07:11, Carlos Henrique Bauer wrote:
> What you are proposing means a developer must trust all the applications
> installed in the machines where its applications will run. That's a lot
> of trust.

Mmmm, no. That's not what I'm proposing. You probably jumped into the middle of the thread and saw the problems I was complaining about, not my proposed solution. My proposed solution would require the developer to trust users not to run applications that misuse the card credentials.

> I believe the only thing someone can reasonably assume is that
> the OS installed on those machines will prevent any malicious attempt to
> circumvent the protection provided by the smart card middleware and that
> users will not run any evil code as root.

Agreed, with the additional assumption that the OS will not allow other (non-root) users to impersonate the card owner (i.e. run applications under the owner's UID).

The problem here, IMO, is that the middleware doesn't provide any protection beyond restricting card access to a single process. That doesn't help in a multi-application usage scenario.

What I want is for the middleware to provide a mechanism to ensure a card can only be accessed by processes running under a given user account.

Shawn.
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
