2012/1/11 Martin Paljak <[email protected]>: > Hello Ludovic,
Hello, > On Thu, Jan 5, 2012 at 03:37, NIIBE Yutaka <[email protected]> wrote: >> It is extensively tested with Vasco DIGIPASS 920. Note that the >> reader has firewall feature which doesn't allow VERIFY or CHANGE >> REFERENCE DATA command with data from host, but only allows pinpad >> entry by the reader. With no pinpad entry support, this reader were >> useless at all. It works well except --unblock --admin. > > This is an excerpt from gnupg-devel. > > It seems there is at least one more reader available that does PIN > firewalling. > > I was wondering if it would make sense to: > - add a "remarks" section to the reader matrix about this feature I agree. I already have a Note section to indicate issues with the reader [1]. A Features section [2] to indicate some reader features like contactless, pinpad, biometric, etc. A Limitations section [3]. The only listed limitation is "No extended APDU". The pinpad firewall is a feature (for the manufacturer) but can be a limitation (for the user/developer). Where should I add this information? I propose to use feature. Any better idea? > - create a small test-script for probing "various" parameters of the > reader, which could be made a standard part for sending in information > about new readers > > With a huge warning about possible lockup, it would be even better to > probe for cards that do not allow querying tries left information with > an empty verify command (which should also be firewalled by the > reader) > While testing the firewalled readers from Gemalto, I made some python > scripts which could be tuned for this purpose. If you provide the testing tool that is even better :-) The tool can be added in the contrib directory [4]. Thanks [1] http://pcsclite.alioth.debian.org/ccid/note.html#169 [2] http://pcsclite.alioth.debian.org/ccid/features.html#117 [3] http://pcsclite.alioth.debian.org/ccid/limitations.html#147 [4] http://anonscm.debian.org/viewvc/pcsclite/trunk/contrib/ -- Dr. Ludovic Rousseau _______________________________________________ Muscle mailing list [email protected] http://lists.drizzle.com/mailman/listinfo/muscle
