On Fri, 04 Dec 2009 09:44:36 +0100 Viktor TARASOV <viktor.tara...@opentrust.com> wrote:
> -- if C_SetPIN() is not preceded by C_Login then it's implicitly the
> User PIN is going to be changed.
> In this case the 'pOldPin' argument is the unblocking code.
> For me it's quite logical, because, as you've told,
> we do not have or cannot use the actual PIN value.
>

Only in this case. It's perfectly possible under another scenario that the user knows the PIN and only wishes to change it to a new one.

I haven't done any research on existing implementations, but given the wording of the PKCS#11 spec, what you're suggesting sounds to me like it would break things. And to make things worse, it would probably have a high risk of expending the PUK attempts (as the user would be feeding it the PIN instead) and really screw the user over.

Rgds
-- 
Pierre Ossman            OpenSource-based Thin Client Technology
System Developer         Telephone: +46-13-21 46 00
Cendio AB                Web: http://www.cendio.com
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
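The failure mode raised in the reply above, as an added example that is not part of the original thread and not OpenSC code: a toy token model comparing the two readings of `pOldPin` when `C_SetPIN()` is called without a prior login. The struct, the function names, the PIN/PUK values and the retry limit of 3 are all constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Toy token model, constructed for illustration; retry limits are assumptions. */
struct token { const char *pin, *puk; int pin_tries, puk_tries; };
enum rv { RV_OK, RV_PIN_INCORRECT, RV_PIN_LOCKED };

/* Reading A: with no prior login, pOldPin is the current user PIN. */
static enum rv setpin_old_is_pin(struct token *t, const char *old, const char *new_pin)
{
    if (t->pin_tries == 0) return RV_PIN_LOCKED;
    if (strcmp(old, t->pin) != 0) { t->pin_tries--; return RV_PIN_INCORRECT; }
    t->pin = new_pin;
    t->pin_tries = 3;
    return RV_OK;
}

/* Reading B (the quoted proposal): with no prior login, pOldPin is the PUK. */
static enum rv setpin_old_is_puk(struct token *t, const char *old, const char *new_pin)
{
    if (t->puk_tries == 0) return RV_PIN_LOCKED;
    if (strcmp(old, t->puk) != 0) { t->puk_tries--; return RV_PIN_INCORRECT; }
    t->pin = new_pin;
    t->pin_tries = 3;
    t->puk_tries = 3;
    return RV_OK;
}

/* A caller that knows the PIN and only wants to change it passes the correct
   PIN as pOldPin, retrying on failure. Returns the PUK attempts left. */
int puk_tries_after_pin_change(int use_proposal, int attempts)
{
    struct token t = { "1234", "87654321", 3, 3 };   /* constructed values */
    for (int i = 0; i < attempts; i++) {
        enum rv rv = use_proposal ? setpin_old_is_puk(&t, "1234", "4321")
                                  : setpin_old_is_pin(&t, "1234", "4321");
        if (rv == RV_OK) break;
    }
    return t.puk_tries;
}

int main(void)
{
    printf("pOldPin = PIN: PUK tries left %d\n", puk_tries_after_pin_change(0, 3));
    printf("pOldPin = PUK: PUK tries left %d\n", puk_tries_after_pin_change(1, 3));
    return 0;
}
```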