Am Donnerstag 04 Februar 2010 22:20:36 schrieb Crypto Stick: > > What is the problem you are facing with serial numbers? > > The usage of individual Crypto Sticks and thus of their users could be > monitored. This could be problematic in environments where government > does not allow free speech for example. In such situations users of > cryptographic mechanisms may face repression or punishment. The > possibility of being monitored more easily might increase the risks for > their users.
usualy a smart card or usb crypto token has certificates on it, and they can be read without any user verification. so monitoring is always possible in such setups. I guess your point is more, that *default settings* will put the usb serial number in log files, and user can be tracked that way. it is indeed easier to provide a usb device without serial number, then to ask the user to edit system settings to disable such logging first. does the usb driver of the token have some flash build in where you can store the serial number? I guess most have, so the "fixed" serial number is only some value written into the flash at the factory and maybe configure-able (much like mac addresses of network cards can be configured these days). so you could ship the tokens without serial numbers, but include documentation with details or a tool to set serial numbers, if e.g. a company adminitrator wants those and doesn't have privacy concerns? Regards, Andreas _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
