On Thu, May 10, 2007 at 07:33:21AM +0300, Alon Bar-Lev wrote: > > It would be more practical and possibly also more secure to have > > a proxy that looks like an ssh-agent > > What is the difference between implementing properietary proxy > interface, and allowing openssh to use standard PKCS#11 interface? > The result is the same, only the later is standard.
This depends on the definition of standard. Secure shell is also a standard. The SSH agent protocol too. But what really matters is that the SSH agent protocol is already implemented everywhere. Requiring PKCS#11 in ssh to be able to use p11net would be rather useless in the short term (because it would not be widely available) while providing an SSH agent proxy would make p11net useful everywhere immediately! :) Another option that works equally well is of course to teach ssh-agent PKCS#11. //Peter _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
