Werner Koch wrote:
On Fri, 22 Jul 2005 23:42:39 +0200, Felix E Klee said:
> isn't that interesting, though. The point is that AFAICS PKCS#11 clearly defines an API, and perhaps it may become an ISO standard in the

No, it does not define a clean API. Almost everyone is using proprietary extensions and I don't consider that a standard. It is a
> The standard allows for proprietary extensions. However, I have seen several implementations and all of them can do what GPG needs w/o using any extensions.
If we would try to support all PKCS#11 supported tokens we need to add a lot of extra code to gpg to cope with minor peculiarities of the tokens.
Unfortunately :( Although PKCS#11 defines an interface, every vendor has its own interpretation of it because it is, well, complex and vague at some points. Still, my opinion is that PKCS#11 has more-or-less succeeded where ISO7816 has failed: to unify the interface for accessing any kind of cryptographic token (it is not limited to smart-cards either). And I think it is illusionary to think that smart-card vendors are *ever* going to fully conform to the ISO spec. In their world of business, it makes all vendors replaceable. And since most of the vendors already have an established market, it is not in their interest to become replaceable. Which makes me wonder.. maybe they even interpret on purpose the vague PKCS#11 points differently from their competitors.
And well, complexity is the worst enemy of security.
True.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users