Eric Norman wrote:
On Oct 10, 2006, at 6:46 PM, Antti S. Lankila wrote:
Okay, these two tasks are the last ones before the signer component
would be ready for wider consumption. Before it's anywhere near sane
to allow a user to sign documents that legally bind her, it would be
a good idea to:
1) visualize the data about to be signed.
... and more ...
While all these are very valid concerns, I sure don't see why
they would be relevant to the OpenSC group and this list.
As far as document signing, the OpenSC project is limited
to the following technical operations: here's a bunch of
bits, send them into a smart card, have the smart card
compute a digital signature, and send the result back out.
There might be some technical differences if non-repudiation
is involved, such as requiring that the smart card's PIN
be (re)supplied during the signing procedure. But I think
that's about it.
But anyway, the legal and usability issues are known by
many and are better discussed elsewhere.
Well, I was really soliciting feedback to see if I had understood this
whole concept correctly. I have no idea which is the correct forum for
this, but I was hoping it could be this one. As a data point, you at
least do not seem to disagree with my ideas so far.
Even if the above might not, this concerns OpenSC: I believe it is
unacceptable to also ask for the non-repudiation PIN when only the
browser's pkcs11 module is in use. (The key should never be unlocked
unnecessarily.) I guess I'll look at what it takes to get rid of this
misfeature.
The other thing is, the whole non-repudiation signature should indeed
always ask for the PIN when a signature is about to be performed. It
does this. But I can't help feeling it's nothing more than a sort of
show at this point, because the pkcs11 module already asked for it (for
no reason), and because the PIN goes into the process's memory, so a
compromised signer component could reuse it without the user's explicit
knowledge.
I used to have a reader where the keyboard was plugged into the reader
instead of the regular PS/2 port. I wonder if OpenSC used that as it was
meant to be used, with the reader directly intercepting the keyboard
input for the PIN, so it never enters the host's memory. These days
peripherals are all USB, so that nice security feature is now gone.
(Are there any readers where plugging in a USB keyboard is possible?)
--
Antti
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
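The two behaviours Antti objects to map onto rules in the PKCS#11 v2.20 specification: certificates are public objects and need no C_Login to read, and a key flagged CKA_ALWAYS_AUTHENTICATE requires a C_Login with CKU_CONTEXT_SPECIFIC between C_SignInit and C_Sign, with that authentication good for exactly one operation. The following is an added example, not code from OpenSC or from the thread: a host-side model of that state machine with the return-code and user-type values taken from the spec, plus a wipe of the PIN buffer as soon as verification is done. The token contents, key handles and PINs ("1234", "5678") are constructed for the example, and the "signature" is a placeholder string, not a private-key operation.

```c
/* Added example, not OpenSC code: a host-side model of the PKCS#11 v2.20 rules
 * behind the two complaints above. Return-code and user-type values follow the
 * spec; the token contents and PINs are constructed for the example. */
#include <stdio.h>
#include <string.h>

#define CKR_OK                        0x000
#define CKR_OPERATION_NOT_INITIALIZED 0x091
#define CKR_PIN_INCORRECT             0x0A0
#define CKR_USER_ALREADY_LOGGED_IN    0x100
#define CKR_USER_NOT_LOGGED_IN        0x101
#define CKR_USER_TYPE_INVALID         0x103
#define CKU_USER                      1
#define CKU_CONTEXT_SPECIFIC          2

/* Constructed token: one public certificate and two private keys. */
#define AUTH_KEY   0   /* authentication key, CKA_ALWAYS_AUTHENTICATE = false */
#define NONREP_KEY 1   /* non-repudiation key, CKA_ALWAYS_AUTHENTICATE = true */
static const int KEY_ALWAYS_AUTH[2] = { 0, 1 };
static const char *const TOKEN_CERTS[] = { "CN=Example Signer" };
static const char *const USER_PIN = "1234";   /* unlocks AUTH_KEY (constructed) */
static const char *const SIGN_PIN = "5678";   /* per-signature PIN (constructed) */

typedef struct {
    int user_logged_in;        /* C_Login(CKU_USER) has succeeded */
    int sign_key;              /* key handle set by C_SignInit, -1 if none */
    int context_authenticated; /* CKU_CONTEXT_SPECIFIC login done for this op */
} Session;

/* Overwrite a PIN buffer; the volatile pointer stops the compiler from
 * discarding the stores as dead writes after the last read of the buffer. */
static void wipe(char *buf, size_t n) {
    volatile char *p = (volatile char *)buf;
    while (n--) *p++ = 0;
}
int pin_is_wiped(const char *buf, size_t n) {
    while (n--) if (buf[n] != 0) return 0;
    return 1;
}
void session_open(Session *s) {
    s->user_logged_in = 0; s->sign_key = -1; s->context_authenticated = 0;
}

/* Certificates are public objects: readable with no login at all, so a
 * consumer that only needs them must never be prompted for a PIN. */
int list_certs(const Session *s, const char *out[], int max) {
    int n = 0; (void)s;
    while (n < 1 && n < max) { out[n] = TOKEN_CERTS[n]; n++; }
    return n;
}

/* The PIN buffer is wiped before returning, whatever the outcome, so the
 * cleartext PIN exists in this process only while it is being verified. */
int c_login(Session *s, int user_type, char *pin, size_t pin_len) {
    int rv;
    if (user_type == CKU_USER) {
        if (s->user_logged_in) rv = CKR_USER_ALREADY_LOGGED_IN;
        else if (pin_len == strlen(USER_PIN) && !memcmp(pin, USER_PIN, pin_len))
            { s->user_logged_in = 1; rv = CKR_OK; }
        else rv = CKR_PIN_INCORRECT;
    } else if (user_type == CKU_CONTEXT_SPECIFIC) {
        /* Only valid while an operation on an always-authenticate key is active. */
        if (s->sign_key < 0 || !KEY_ALWAYS_AUTH[s->sign_key]) rv = CKR_OPERATION_NOT_INITIALIZED;
        else if (pin_len == strlen(SIGN_PIN) && !memcmp(pin, SIGN_PIN, pin_len))
            { s->context_authenticated = 1; rv = CKR_OK; }
        else rv = CKR_PIN_INCORRECT;
    } else rv = CKR_USER_TYPE_INVALID;
    wipe(pin, pin_len);
    return rv;
}

int c_sign_init(Session *s, int key) {
    if (!s->user_logged_in) return CKR_USER_NOT_LOGGED_IN;
    s->sign_key = key;
    s->context_authenticated = 0;  /* never inherited from an earlier operation */
    return CKR_OK;
}

/* Placeholder signature; a real token runs the private-key operation on-card.
 * Any failure terminates the active operation, as the spec requires. */
int c_sign(Session *s, const char *data, char *sig, size_t sig_len) {
    int rv;
    if (s->sign_key < 0) return CKR_OPERATION_NOT_INITIALIZED;
    if (KEY_ALWAYS_AUTH[s->sign_key] && !s->context_authenticated) rv = CKR_USER_NOT_LOGGED_IN;
    else { snprintf(sig, sig_len, "sig(key%d,%s)", s->sign_key, data); rv = CKR_OK; }
    s->sign_key = -1; s->context_authenticated = 0;  /* one login, one signature */
    return rv;
}

int main(void) {
    Session s; const char *certs[1]; char pin[8], sig[64];
    session_open(&s);
    printf("certs without login: %d\n", list_certs(&s, certs, 1));
    strcpy(pin, "1234"); c_login(&s, CKU_USER, pin, 4);
    c_sign_init(&s, NONREP_KEY);
    printf("sign before context login: 0x%x\n", c_sign(&s, "contract", sig, sizeof sig));
    c_sign_init(&s, NONREP_KEY); strcpy(pin, "5678"); c_login(&s, CKU_CONTEXT_SPECIFIC, pin, 4);
    printf("sign after context login: 0x%x %s, pin wiped: %d\n",
           c_sign(&s, "contract", sig, sizeof sig), sig, pin_is_wiped(pin, 4));
    return 0;
}
```

Wiping the buffer only narrows the window Antti describes; it does nothing against a signer process that is already compromised and reads the PIN as it is typed. That case is exactly what reader-side PIN entry, like the keyboard-through-reader design in the post, addresses, because the PIN then never reaches host memory at all.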