On 5/22/07, Thomas Glanzmann <tho...@glanzmann.de> wrote:
Actually I don't consider PKCS#11 a standard interface. It's more like everyone puts their binary blob anywhere. Actually I think it's horrible by design. It's more like a "standard" interface to a binary blob that does something that isn't standard with the actual smartcard. From what I heard and read about PKCS#11 it is a mess.

This says it all. It seems you don't understand what a standard is. And because of people with the same attitude we don't have valid cryptography in open source. I had this discussion over and over... Everybody thinks he can do better, and we end up with unusable solutions.

A standard is a compromise between the best way to achieve a goal and the interests of several parties. I guess you are aware that you use PKCS#1, PKCS#8, PKCS#7, PKCS#12, PKCS#10; all are not the best way to encode any format, but they make applications communicate correctly with each other. PKCS#11 falls into the same category.

Because everybody thinks we know better, we got to a state where the user must execute about 5 agents on his computer to use his smartcard (ssh-agent, gpg-agent, seahorse, gnutls and more). This is unacceptable, and proves that there is nothing close to a standard.

Best Regards,
Alon Bar-Lev.