Bear Giles wrote: > But a plug-in that transparently updated a smart card would be extremely > handy. :-) That's what makes the design so hard - it needs to be able > to handle everything from 8k smart cards holding a single veiled key and > cert to RDBMS databases with 50,000+ entries.
I think the design would be made needlessly complex by mandating this scalability. The use cases needed for your smart card API would be, say: encrypt this, decrypt this, sign this, verify this. This is what Cryptoki (PKCS#11) does, and does quite well, in my experience. The use cases for a full-blown PKI repository, which I honestly thought was what we were discussing, should probably include: find me the issuer of this, give me the status of this, enumerate all my revoked certificates. None of these would make much sense to the humble 8k card. Best regards, //oscar ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
