Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
Douglas,
Perhaps you could explain where I may be misunderstanding recent issues, on
the PIV/PKCS#15 topic, on the list? The misunderstanding comes in respect of
PKCS#15 - which is a cross between a stream and a "file _system_" defined
over 7816-4 files (and their ACLs).
PKCS#15 is essentially a file system defined over the ISO 7816-4 files -
MF/DF/EFs, etc. V1.1 is obtained from
ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-15/pkcs15v1.doc. The cited URL links
to the document that was - apparently - the progenitor for ISO 7816-15
(drafts). But what is the relationship, formally, of PKCS#15/7816-15 to PIV,
and where can that info be seen in USG-issued _public_ documents?
If we reference muscle, we also know that musclecards come in a variety of
card types, for a common card edge: the javacard ("VM"?) form of the muscle
applet that Karsten has recently amended, and the ISO FS form sold by some
vendors (apparently). The muscle download area has C-coded plugins for the
two sets of wire-format PDU encoders, beneath a common musclecard API - for
the VM [aka javacard] applet, and the FS card. But the FS card does not
export a PKCS#15 file system - it simply provides the muscle card edge!
Is the PIV concept of an FS card type an extension of the muscle FS card
concept? ... in which the card edge can not only be implemented in terms of
classical 7816-4 file access/management instructions (READ/WRITE BUFFER etc.)
but the collection of files MUST also conform to PKCS#15 (or 7816-15) -
creating a "PKCS#15 file system"?
Now, finally, when discussing OpenSC and its "PIV driver mode": can I
assume that this host-side driver is willing to emulate the existence of a
PKCS#15-compliant file system on a PIV card - even when the card only
implements a VM-type card edge?
How far could such an emulation go? For example, if one wanted to clone a
card and thus get the source card to export the entire PKCS#15 ASN.1-defined
BER stream, could the SC driver perform that "stream" level of emulation,
and then the reverse process... write a stream back to a set of GC
instance(s) and their PIV data containers - on a VM-style PIV card?
Peter.
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
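An added example, not code from Peter's post, from OpenSC, or from the MUSCLE project: the "export the entire PKCS#15 BER stream and write it back" question above reduces, on the host side, to decoding and re-encoding BER-TLV (multi-byte tags, long-form lengths, nesting) and rejecting truncated input. The block below is a small Python BER-TLV codec with a constructed sample byte string; the sample's ODF-like shape and tag values are assumptions for illustration, not bytes read from any card, and `odf_paths` is a hypothetical helper name.

```python
# Added example (not from the post, OpenSC or MUSCLE): a minimal BER-TLV
# decoder/encoder of the kind a host-side driver needs to pull a PKCS#15
# stream out of EF contents and write it back. Handles high-tag-number
# tags, long-form lengths, nested constructed objects and truncated input.
# SAMPLE_ODF is constructed here as an assumption: two entries shaped like
# a PKCS#15 ODF (privateKeys [0], certificates [4]) each holding a Path.

SAMPLE_ODF = bytes.fromhex(
    "A0 06 30 04 04 02 44 01"   # [0] SEQUENCE { OCTET STRING 44 01 }
    "A4 06 30 04 04 02 44 02"   # [4] SEQUENCE { OCTET STRING 44 02 }
)


def _read_tag(data, pos):
    """Return (tag as int, first tag byte, new pos); 5F 2F -> 0x5F2F."""
    if pos >= len(data):
        raise ValueError("truncated tag at offset %d" % pos)
    first = data[pos]
    tag, pos = first, pos + 1
    if first & 0x1F == 0x1F:            # high-tag-number form follows
        while True:
            if pos >= len(data):
                raise ValueError("truncated tag at offset %d" % pos)
            b = data[pos]
            pos += 1
            tag = (tag << 8) | b
            if not b & 0x80:
                break
    return tag, first, pos


def _read_length(data, pos):
    """Short form (< 0x80) or long form 8N followed by N length bytes."""
    if pos >= len(data):
        raise ValueError("truncated length at offset %d" % pos)
    b = data[pos]
    pos += 1
    if b < 0x80:
        return b, pos
    n = b & 0x7F
    if n == 0 or n > 4 or pos + n > len(data):   # indefinite / absurd / cut
        raise ValueError("unsupported or truncated length at offset %d" % pos)
    return int.from_bytes(data[pos:pos + n], "big"), pos + n


def decode(data):
    """Parse BER bytes into [(tag, value)]: value is bytes for a primitive
    tag, a nested list for a constructed tag (bit 0x20 of the first byte)."""
    items, pos = [], 0
    while pos < len(data):
        tag, first, pos = _read_tag(data, pos)
        length, pos = _read_length(data, pos)
        if pos + length > len(data):
            raise ValueError("length %d overruns buffer at %d" % (length, pos))
        body = data[pos:pos + length]
        pos += length
        items.append((tag, decode(body) if first & 0x20 else bytes(body)))
    return items


def _encode_length(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def encode(items):
    """Inverse of decode(): the 'write the stream back' direction."""
    out = bytearray()
    for tag, value in items:
        tag_bytes = tag.to_bytes(max(1, (tag.bit_length() + 7) // 8), "big")
        body = encode(value) if isinstance(value, list) else bytes(value)
        out += tag_bytes + _encode_length(len(body)) + body
    return bytes(out)


def is_well_formed(data):
    """True if the whole buffer parses without overrun or truncation."""
    try:
        decode(data)
        return True
    except ValueError:
        return False


def odf_paths(data):
    """Hypothetical helper: map each ODF-style entry tag to the path it
    references, for entries shaped [n] SEQUENCE { OCTET STRING path }.
    PKCS#15 also allows objects inline instead of a path; ignored here."""
    paths = {}
    for tag, value in decode(data):
        if isinstance(value, list) and value and value[0][0] == 0x30:
            seq = value[0][1]
            if isinstance(seq, list) and seq and seq[0][0] == 0x04:
                paths[tag] = seq[0][1]
    return paths


if __name__ == "__main__":
    for tag, path in odf_paths(SAMPLE_ODF).items():
        print("entry tag %02X -> path %s" % (tag, path.hex()))
    assert encode(decode(SAMPLE_ODF)) == SAMPLE_ODF   # stream round-trips
```

The round-trip `encode(decode(x)) == x` is what a "stream level" clone would rely on; it holds here because the codec re-emits definite lengths in minimal form, which is what the sample uses. Anything read off a card should go through `is_well_formed`-style checks first, since a wrong length byte otherwise walks the parser off the end of the buffer.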