If the keystore process uses sockets (SKS uses Web Services over sockets),
you could achieve trusted path detection in Linux without any
significant programming at all:

http://welz.org.za/notes/on-peer-cred.html

This scheme is for example used by PostgreSQL for their "ident"
authentication scheme.

Naturally you need a slightly more potent keystore than a
regular smart card but that's already on the radar :-)

Yes, if the OS is corrupted, trusted path detection won't work, but
OTOH nothing is suitable to perform in a corrupt computer.

Anders
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
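
The peer-credential check referred to in this message, as an added example (not part of the original post and not SKS or PostgreSQL code): on Linux, a server on a Unix-domain socket asks the kernel via SO_PEERCRED which pid/uid/gid connected, then applies a policy. The allowed-UID policy, the socket file name and the function names are assumptions made for illustration.

```python
import os
import socket
import struct
import tempfile

# Linux struct ucred: pid_t pid; uid_t uid; gid_t gid
_UCRED = struct.Struct("iII")


def peer_credentials(conn):
    """Return (pid, uid, gid) the kernel recorded for the peer of conn.

    Only meaningful for AF_UNIX sockets; the values are filled in by the
    kernel at connect() time, so the client cannot choose them.
    """
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, _UCRED.size)
    return _UCRED.unpack(raw)


def serve_once(listener, allowed_uids):
    """Accept one client; answer OK only if its UID is in the policy set.

    allowed_uids is a hypothetical keystore policy, not taken from the post.
    """
    conn, _ = listener.accept()
    with conn:
        creds = peer_credentials(conn)
        ok = creds[1] in allowed_uids
        conn.sendall(b"OK\n" if ok else b"DENIED\n")
        return ok, creds


def demo(allowed_uids):
    """Constructed scenario: client and server in one process, private path."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "keystore.sock")  # assumed socket name
        with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as listener:
            listener.bind(path)
            listener.listen(1)
            with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as client:
                client.connect(path)  # queued in the backlog, returns at once
                ok, creds = serve_once(listener, allowed_uids)
                reply = client.recv(16)
    return ok, creds, reply


if __name__ == "__main__":
    print(demo({os.geteuid()}))
```

The pid in the result identifies the connecting process at connect() time; a server that maps it to an executable has to allow for the pid being reused after that process exits.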
