On Friday 21 September 2007 09:11:14 am Douglas E. Engert wrote:
> What are the security implications to doing this?

In this particular case, I don't care. Both machines are to be deployed in a
secure environment.

In general, though, I think it also doesn't matter that much. Any reasonably
secure smart card API (I'm talking about the APDU-level API) must assume that
an attacker can get between the card and the reader, or the reader and the
application. Having a remote reader offers another avenue of attack, but
it's not like there aren't plenty to begin with.

The case where it might matter is when the card is used for user
authentication, but a remote reader wouldn't make any sense for that
application anyway.

> How would the stream be protected? ssh?

I don't see any value in layering encryption on the stream. If the data being
transmitted is sensitive, it should be encrypted and/or MACed between
application and card anyway. Or are you suggesting that ssh authentication
be used to prevent rogue connections to the card? That might be useful in
the general case. In my case it doesn't matter -- and I'm looking to hack
pcsclite to make it suit my needs, not necessarily to add a feature to
the "official" pcsclite.

> There is an Open source version of RDC, rdesktop, but I don't know if it
> does smart cards.

There has been some work done on smart card support in rdesktop, but I'm not
sure where it is. Even if it's functional, it doesn't address my situation.

Thanks,

Shawn.
_______________________________________________
Muscle mailing list
http://lists.drizzle.com/mailman/listinfo/muscle
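
Added example (not part of the original message, and not pcsclite code): a Python illustration of the point above that APDUs MACed between application and card stay tamper-evident over an untrusted reader link, because the MAC covers sender and message counter as well as the APDU, so altered, replayed and reflected frames are rejected. The shared key, the `Endpoint` class, the frame layout (APDU followed by a truncated HMAC-SHA256 tag) and the sample SELECT APDU are constructed assumptions, not a real card's secure-messaging format.

```python
import hashlib
import hmac
import struct

KEY = bytes(range(16))   # constructed demo key, assumed pre-shared by app and card
TAG_LEN = 8              # truncated tag length, an assumption for this example

class Endpoint:
    """One end of the channel (hypothetical helper): b'A' = application, b'C' = card."""
    def __init__(self, key, role):
        self.key, self.role = key, role
        self.peer = b"C" if role == b"A" else b"A"
        self.sent = self.received = 0

    def _tag(self, sender, counter, apdu):
        msg = sender + struct.pack(">I", counter) + apdu
        return hmac.new(self.key, msg, hashlib.sha256).digest()[:TAG_LEN]

    def wrap(self, apdu):
        self.sent += 1
        return apdu + self._tag(self.role, self.sent, apdu)

    def unwrap(self, frame):
        apdu, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = self._tag(self.peer, self.received + 1, apdu)
        if not hmac.compare_digest(tag, expected):
            raise ValueError("MAC check failed")
        self.received += 1   # the counter advances only on a valid frame
        return apdu

def accepted(endpoint, frame):
    try:
        endpoint.unwrap(frame)
        return True
    except ValueError:
        return False

def run_demo():
    app, card = Endpoint(KEY, b"A"), Endpoint(KEY, b"C")
    select = bytes.fromhex("00A4040005F000000001")   # constructed SELECT APDU
    first, second = app.wrap(select), app.wrap(select)
    altered = first[:3] + bytes([first[3] ^ 0x01]) + first[4:]  # link changes P2
    return {
        "altered": accepted(card, altered),    # False
        "honest": accepted(card, first),       # True
        "replayed": accepted(card, first),     # False
        "reflected": accepted(app, first),     # False
        "next": accepted(card, second),        # True
    }
```
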