Peter Stuge wrote: >> If PKI cards can't be made to work like USB memory sticks (just >> plug them in), there is something wrong because the complexity is >> not that different.
>Interesting comparison! >I think the reason why USB memory works so different (better IMO) >than USB PKI things is because of their respective legacy. Having participated in Swedish government-funded standardization efforts in the mid-90'ties as well as in quite recent work in other more international foras my own conclusion is that security vendors still hope to control the market with "unique solutions". This is the true legacy. Then there is also a number of countries, in particular Germany with BSI in the front who continuously screw-up with insanely complex solutions supported by a handful of local vendors. An example of that is the German e-invoice law that requires that a qualified signature is performed over an invoice which has created a "market" for machines having 25 smart cards controlled by a single human operator. That the financial sector have managed to build secure globally scaling systems using automated signing gateways is something these guys never consider. The same "thinking" has now reached the German e-card which is a train wreck in workings: http://www.bsi.bund.de/literat/tr/tr03112/index.htm >USB Mass Storage builds upon SCSI, a protocol for rather large >machines. >USB PKI builds upon, eh, well, a serial port and a protocol for >rather small machines. >SCSI is a better fit than a serial port for a modern PC. But don't >forget that it has taken quite a few years to get USB MSC to work. >Also USB MSC has been able to benefit from many other developments. >SATA for one. There is synergy. >PKI is quite a niche in comparison. Yes, but I think it is time to make it as mainstream as possible and the way ahead is creating new standards that does PKI and not something else that is only of interest for example the transportation sector who will have to do their OpenSC or similar. _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
