Hello Werner, Werner Koch wrote: > On Mon, 13 Feb 2006 13:04:24 +0200, Alon Bar-Lev said: > >> Are you aware of the PKCS#11 for OpenSSH solution >> (http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=113977188917865&w=2)? > > Well, I know. However you know my point of view: pkcs#11 is a > "standard" too complex to implement correctly and even with a lot of > important things left out. It is only required (and that complex) to > let one proprietary software speak to another proprietary one.
Well... We discussed that in the past... I don't think so... Let's say it is too complex... But if you look at this from the user point of view, there is no logic to reinvent the wheel for each application. But we discussed this in the past. > Things can be much easier with FS. Why support proprietary stuff? No proprietary... Only a standard interface. The user may select the proper implementation, let's say OpenPGP PKCS#11 Provider, which is a complete open-source GPLed implementation. >> I just hope that someday OpenPGP card will also have PKCS#11 >> provider, so it can be used by other applications, and the > > Please write one; gpg-agent provides all you need to do that. It may > actually be useful for use with Mozilla.. This should be your interest... If you do that, user will be able to use your card with may PKCS#11 aware applications. I don't use/recommend OpenPGP card since it has too many limitations. >> other way around... gpg will use PKCS#11 providers in order >> to support many card types. > > No, we won't do that. I know you have a licensing problem... I've been in touch with FSF in order to provide you with the tools needed for implementation. I get one reply every two months... So the process is not over yet. But it seems like we reach into the following conclusion: If GPLed application is written in a way that it work with a standard free interface plug-in (like PKCS#11) and it is not depended on a specific implementation (Compile time, features), then there is no GPL violation if the user chooses to use none GPLed plug-ins. I've written the PKCS#11 support for OpenVPN and OpenSSH, I will gladly add this support to gpg as well... This of course depends on your decision. >From feedbacks I get, many people waited a long time to be able to use their smartcards in open-source applications, but where not able to! Now OpenSC (All cards), Aladdin, Athena, ActivCard, Rainbow can all enjoy working applications (Firefox, Thunderbird, OpenVPN, OpenSSH, these days I try to convince KDE developers to support PKCS#11 as well...). Best Regards, Alon Bar-Lev. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
