>> PKCS#11 interface define both, ui callback (notify) > > What is that? Can you be more specific?
I was thinking about CK_NOTIFY as a way to notify operation progress >> Couldnt opensc provide a way to do this safely? >> Could signed libraries solve this? > > What is the threat model? > Who is the attacker and what can he do? I was thinking about this: if biometirc login is made using a library opensc library<->biometric-reader library and opensc library<->man-in-the-middle library<->biometric-reader library probably this is not how its supposed to be done. > Signing a library will not solve much if the attacker has root access > or is the user itself. Windows csp's must be signed to be used. That was what i was thinking. As you an see, thinking in many things, nor correct ones :P The question remains, anyway: how could opensc support biometric/whatever readers? _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel