Hi, do somebody uses the card profiles with the 'pin-domains' activated? Will you have any objections against the idea to abandon the support of the 'pin-domains' in pkcs15init ?
Actually only one card driver cflex (and cyberflex), one of the first drivers, implements it . Afaik, for a long time these cards are not more produced. It's not going about the total elimination of the 'flex' card support, but about the support with one 'pin-domain', like the others card drivers do. Imho, the support of 'pin-domains' is an non-justified burden for the pkcs15init core . Alternative to 'pin-domains' is the multi-pkcs15-applications, which the implementation can be considered. Current implementation of 'pin-domains' (very clever and ingenious) makes some short circuits, that makes unclear (as for me) the relations between the card profile, pkcs15init core and pkcs15init card driver. For ex. : - the file system from card profile do not corresponds to the final card system; - the ACLs with (SO)PIN reference from the profile can finally be translated into the card as 'NONE' (imho, pkcs15init core and driver should not overwrite profile settings); - authId do not supported for the certificate objects, and when importing certificate, it's not always possible to indicate the proper 'pin-domain' . Kind wishes, Viktor Tarasov. -- Viktor Tarasov <[email protected]> _______________________________________________ opensc-devel mailing list [email protected] http://www.opensc-project.org/mailman/listinfo/opensc-devel
