Lionel Elie Mamane wrote: > I thought we were talking about PKCS#11 "drivers" for specific cards, and that you had to link this driver into your program (dynamically > at run-time) in order to use it. That _driver_ would be gpl-incompatible.
PKCS#11 is a standard it is not vendor specific, please refer to http://www.rsasecurity.com/rsalabs/node.asp?id=2133 so that your answers will be correct. So if PKCS#11 is an API specification that every smartcard/HSM/Software who manages cryptographic keys supports, by means of developing a shared library/DLL that implement the standard, is it OK for GPLed program to load and interact with this library. NOTICE: Since the application does not know which cryptographic token is used by the user, the usage of the library MUST be done at runtime. There is stick interface for these libraries which is described in PKCS#11 standard. We need a definite answer here... So the licensing argument will be out of the way... [[[ Some of my thoughts... And comments for your position. A standard is a standard... And it is not matter if it describers an API, a protocol, a command-line, a format or any other interface. As long as there is no intellectual rights claims for the implementation of the standard, it can be used by GPL. Hence... HTTP is a standard (RFCXXX, protocol), PKCS#11 is a standard (RSA, API), S/MIME is a standard (RFC, format) etc... There is not difference between them in term of implementing a compliance software. ]]] Best Regards, Alon Bar-Lev. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users