pkcs11-comment message



Subject: Re: [pkcs11-comment] Provisioning Tokens with PKCS #11


Hi Anders -

Thanks for your comments! We'll certainly bear them in mind as we work on PKCS #11. We'd also love to have you join us in this work!

Regards,

Bob


----- Original Message -----
From: Anders Rundgren [mailto:anders.rundgren@telia.com]
Sent: Saturday, May 18, 2013 02:31 AM
To: pkcs11-comment@lists.oasis-open.org <pkcs11-comment@lists.oasis-open.org>
Subject: [pkcs11-comment] Provisioning Tokens with PKCS #11

Hi List,
PKCS #11 is indeed a very successful standard for using cryptographic tokens.

However, provisioning/initialization has not been equally successful and IMHO this is the core problem for the mobile device market.

Personally, I believe it would be a better idea to create a separate standard for this purpose, since you would need to add concepts like secure messaging to the plot, which would make the total system extremely complex.

I also believe that the security model supported by the existing PKCS #11 interface doesn't fit well in the mobile device market, which probably will settle on a scheme where keys are optionally augmented with ACLs telling which users, applications, etc. are permitted to access them.

The ability to provision keys through a browser is also crucial but fairly unrealistic using PKCS #11. Well, I do provision keys with PKCS #11 in Firefox, but I wouldn't call this solution "professional" since it is based on Netscape's 19-year-old <keygen> hack.

Fortunately none of these developments make PKCS #11 obsolete!

thanx,
Anders Rundgren

-- 
This publicly archived list offers a means to provide input to the
OASIS PKCS 11 TC.
