On 6/8/07, Richard Hartmann <richih.nos...@googlemail.com> wrote:
On 6/8/07, Alon Bar-Lev <alon.bar...@gmail.com> wrote:
> You keep forgeting that attempting to authenticate to smartcard using
> invalid PIN will eventually lock it.
If there is only one PIN, that is not any threat. It either
authenticates correctly or times out. In neither case is there a wrong
PIN sent to the token.
If you use this PIN to authenticate by mistake to another token you
will lock this token.
If you remove and insert the token you should require
reauthentication, this is how smartcards should be used.
I think it would be beneficial to every subscriber if we were to stop
the debate about the philosophical differences we are having. This is,
after all, a developer list.
Before you go and develop you need to soleve the philosophical issues.
If you can point me to docs for setting up RAS correctly, I would
gladly try that approach and report back to the list if and how this
works via the new pkcs#11 interface.
http://msdn2.microsoft.com/en-us/library/ms832355.aspx
An OpenVPN GUI can be develop as a provider... This is the best
approach for Windows... This has nothing to do with PKCS#11, but will
solve your issues as well.
Best Regards,
Alon Bar-Lev.
