[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Provisioning Tokens with PKCS #11
Hi List, PKCS #11 is indeed a very successful standard for using cryptographic tokens. However, provisioning/initialization has not been equally successful and IMHO this is the core problem for the mobile device market. Personally, I believe it would be a better idea creating a separate standard for this purpose since you would need to add concepts like secure messaging to the plot which would make the total system extremely complex. I also believe that the security model supported by the existing PKCS #11 interface doesn't fit well in the mobile device market which probably will settle on a scheme where keys are optionally augmented with ACLs telling which users, applications, etc, that they permit to be accessed by. The ability to provision keys through a browser is also crucial but fairly unrealistic using PKCS #11. Well, I do provision keys with PKCS #11 in Firefox but I wouldn't call this solution "professional" since it is based on Netscape's 19 year-old <keygen> hack. Fortunately none of these developments make PKCS #11 obsolete! thanx, Anders Rundgren
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]