On 8/13/2011 11:20 PM, Anders Rundgren wrote:
> Writing card drivers is quite difficult. That's why Microsoft introduced the 
> "MiniDriver".
>
> The driver model has been very successful for printers since printers have 
> widely different characteristics. Cryptographic operations OTOH leave very 
> little (if any) room for variations.
>
> Although cards may differ in features, using unified high-level APIs like the 
> MiniDriver this will either be hard to access or more likely: /Never be 
> utilized/.
>
> Open question: Since the MiniDriver gives a unified card API, wouldn't it be 
> easier defining a FIXED API/DRIVER and rather let the cards adapt to that? 
> Certifying a gazillion third-party drivers including multiple card versions 
> doesn't appear to be a particularly swift project.

Is this really an OpenSC question? There are cards out there by many vendors.
They could, if they wanted to, do what you suggest but they continue to write
their own drivers.

OpenSC also provides a mini-driver for the cards supported by OpenSC. This
bypasses the PKCS#11 and supports the PKCS#15 cards (and emulated PKCS#15
cards).

PKCS#15 is more of a standard that many card vendors have adopted and Microsoft
could have too. But early on they developed their own smart card, then tried to
standardize around it, thus the confusing CAPI, CNG and its minidriver.

As a side note, Microsoft, with Windows 7, does provide a built-in minidriver
for at least the PIV card. Thus no 3rd party drivers, including OpenSC, are
needed to use a PIV card.

There are 15 approved PIV cards, from 6 vendors:
http://fips201ep.cio.gov/apl.php

So this could be what you are looking for, but the PIV is not designed to be
provisioned over the network.

>
> With a fully unified card API you can target all cards with a fairly simple 
> test-suite and delegate the certification to the card vendors. This should 
> dramatically improve system reliability which always has been a weak point, 
> particularly for consumer computers.

True, if the card vendors could agree on one.


>
> Anders
>
>
>
> _______________________________________________
> opensc-devel mailing list
> opensc-devel@lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel

-- 

  Douglas E. Engert  <deeng...@anl.gov>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444