Diego, Everything you write is fine and probably correct as well. The only "fly in the soup" is that *it is not happening*.

The smart card community has failed to create a cheap and readily available token that can be provisioned on-line, while for example iPhone and Android already ship with built-in enrollment software. However, there will always be a small market that prefers something special. I'm rather talking about the 99.999% that believe cost and availability matter. I also think that the poor GUI support offered by smart cards will make these look quite dated compared to virtual smart cards having cool logotypes and stuff.

Anders

On 2012-08-19 14:23, NdK wrote:
> On 19/08/2012 10:14, Anders Rundgren wrote:
>
>> Virtual smart cards have unlimited capacity and don't occupy space in
>> your pocket either.
> Then a USB token paired with some form of "unsecure" storage, having
> RSA capabilities and a button or a small keypad (display w/
> touchscreen?) to enter a consent/authorization code in a way that can't be
> intercepted/forged by software, would be even better.
>
> The "unsecure storage" could be easily encrypted under a private key
> that then gets encrypted under any number of "token public keys", so no
> "single point of failure" exists and that storage can easily be
> shared/copied to any number of tokens. (IIRC, something along this line
> should/could be in the next OpenPGP token).
>
> This way you would have the benefits of both virtual (practically
> "unlimited" number of certs/keys: if you use a 32G uSD as storage you'd
> have to spend your life receiving certs before filling it...) and real
> smart cards (bring it wherever you like, having full control). If such a
> token were issued by govs (so coming with a "universally trusted"
> cert to certify that extra keys are generated by the token), it would be
> the really universal "card".
>
> I don't like those "vendor lock-ins". Maybe I saw too many burnt mobos,
> or just 'cause I prefer AMDs :), or simply it seems another way to
> introduce a "crippled boot feature" and have users be happy with that (a
> "virtual smart card", implemented in SW, requires some form of
> "certified boot", so it only works with a "certified OS"), or
> reintroduce the dear old TPM (that has been cracked[1], BTW)... On the
> other hand, a token/card is platform-agnostic...
>
>
> [1]
> http://www.computerworld.com/s/article/9151158/Black_Hat_Researcher_claims_hack_of_chip_used_to_secure_computers_smartcards
>
> BYtE,
> Diego.
> _______________________________________________
> opensc-devel mailing list
> opensc-devel@lists.opensc-project.org
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
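The storage scheme Diego sketches in the quoted message (a blob encrypted under one key, that key wrapped under any number of token public keys so no single token is a point of failure, and the blob copyable to further tokens), written out as an added example for this page; it is not code from the thread or from OpenSC, and it assumes AES-256-GCM for the blob and RSA-OAEP for the wrapping, neither of which the message specifies, using Ruby's bundled OpenSSL bindings.

```ruby
require 'openssl'

# Added example (not from the thread or from OpenSC), assuming AES-256-GCM for
# the storage blob and RSA-OAEP for key wrapping. The blob is encrypted under a
# random data key; that data key is wrapped once per enrolled token, so any
# single token can open the storage and none of them is a single point of failure.
module TokenStorage
  OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

  # plaintext + { token_id => OpenSSL::PKey::RSA public key } -> envelope hash
  def self.seal(plaintext, token_pubkeys)
    cipher = OpenSSL::Cipher.new('aes-256-gcm')
    cipher.encrypt
    data_key = cipher.random_key              # fresh 256-bit key per envelope
    iv = cipher.random_iv                     # fresh 96-bit GCM nonce
    ciphertext = cipher.update(plaintext) + cipher.final
    wrapped = token_pubkeys.transform_values { |pub| pub.public_encrypt(data_key, OAEP) }
    { iv: iv, tag: cipher.auth_tag, ciphertext: ciphertext, keys: wrapped }
  end

  # One token's private key unwraps its copy of the data key (the operation a
  # real token performs on-chip); the blob is then decrypted and authenticated.
  def self.open(envelope, token_id, token_priv)
    wrapped = envelope[:keys].fetch(token_id) { raise KeyError, "storage not enrolled for #{token_id}" }
    data_key = token_priv.private_decrypt(wrapped, OAEP)
    cipher = OpenSSL::Cipher.new('aes-256-gcm')
    cipher.decrypt
    cipher.key = data_key
    cipher.iv = envelope[:iv]
    cipher.auth_tag = envelope[:tag]          # GCM rejects a tampered blob in #final
    cipher.update(envelope[:ciphertext]) + cipher.final
  end

  # Share the storage with another token: an already-enrolled token unwraps the
  # data key and it is rewrapped under the new token's public key. The blob itself
  # is untouched, so the copy on a uSD card stays valid for every token.
  def self.enroll(envelope, holder_id, holder_priv, new_id, new_pub)
    data_key = holder_priv.private_decrypt(envelope[:keys].fetch(holder_id), OAEP)
    envelope.merge(keys: envelope[:keys].merge(new_id => new_pub.public_encrypt(data_key, OAEP)))
  end
end
```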