Thread: new pages for software list etc?




2006-11-27 20:24:31
On Monday 27 November 2006 22:12, Eddy Nigg (StartCom Ltd.) wrote:
> Alon Bar-Lev wrote:
> > Sure it does, it makes users crazy if you re-prompt them for
> > certificate that was already selected.
> > https://bugzilla.mozilla.org/show_bug.cgi?id=149673
> > Opened: 2002-06-06 12:12 (!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!)
>
> The Mozilla browser always asks, which certificate to choose when
> performing client authentication. I don't see anything wrong with
> that...With Thunderbird, when a certificate has been correctly
> associated with the account, there is no need to re-select. In both
> cases the correct behavior in my opinion, with and without smart
> card.

While in my webmail site, I need to select a certificate almost every
time I select an item... This is bad... Even I cannot work with it.

> >> Personally I think, that anything which conforms to the
> >> PKCS11/15 standard
> >> is a worthy application / provider / whatever....(If the
> >> application has
> >> a bad implementation...that speaks for the application itself
> >> and/or you might just improve it...)
> >
> > This is not so simple!
> > The application should be designed to support dynamic smartcard
> > environment.
> > Most importantly, they need to UNDERSTAND what is considered to
> > be best practice.
>
> I think it would be smarter to write a guide with best practices
> for application developers, instead of withholding important

This is what I am suggesting!
Before we list applications we create this guide.
Then we list applications and specify how they behave according to the
suggested behavior.

> information from users and "punish" certain applications. I think
> it's somewhat of an overkill to filter applications based on the
> criteria you setup...And if I understand your suggestions
> correctly, then you wouldn't list Mozilla's software, which I view
> as shooting yourself in the foot...

No... It *WILL* be listed... But its issues will be available to
users, so they can select the most appropriate application, or defer
the decision to use smartcards.
Users will get more than a list of "Hey... I am working with
smartcard", I argue with the "working" term.

Best Regards,
Alon Bar-Lev.
_______________________________________________
opensc-devel mailing list
opensc-devellists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
2006-11-27 21:21:11
On 27.11.2006, at 22:24, Alon Bar-Lev wrote:

> While in my webmail site, I need to select a certificate almost every
> time I select an item... This is bad... Even I cannot work with it.

Check your webserver configuration and SSL session timeout. Mozilla
only asks for a certificate when the SSL session on the server has
'expired' meaning it needs to re-negotiate. The default with mod_ssl
was 5 minutes IIRC. If you have a very special configuration, you can
of course get the dialogue on every request (when you reset the session)



> Users will get more than a list of "Hey... I am working with
> smartcard", I argue with the "working" term.


As I've said before: I tend to look at the stuff from eID point of
view - the 'smartcard' is not a sexy word at all as when you have 1
million average joes and grandmammas as your possible users of
smartcards, they don't know more than 'PIN1 is like in the ATM' and
'I must not give PIN2 (legally binding digital signature) unless I
know what is going on'.

So in the end the real enduser just takes the app that gets the stuff
done and only hackers and crackers look for 'so what else can I do
with the card... ?' and come up with fancy stuff. I see smartcards
not a purpose in itself but a piece of infrastructure. You can create
lots of 'smartcard applications' but unless there is something
practical to do with it, nobody uses it.

In theory, all software that can in some way make use of asymmetric
crypto, can use smartcards. We might 'see the problem', document a
better and brighter future, enlighten developers and offer ready
solutions to some of the problems that plague the 'smartcard usability
with daily applications'.

That's a hell of a task....

-- 
Martin Paljak / martinpaljak.pri.ee
martin.paljak.pri.ee / ideelabor.ee
+372 515 64 95
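
The mod_ssl settings referred to in the message above, as an added example that is not part of the original thread: a constructed virtual host that requires client certificates, with the session cache and timeout that decide how often a full handshake (and with it a certificate prompt) recurs. The host name and all file paths are placeholders.

```apache
# Constructed example; host name and paths are placeholders.

# Server-wide: keep negotiated SSL sessions in a shared-memory cache so a
# returning client can resume its session instead of doing a full
# handshake with client authentication again.
SSLSessionCache        shmcb:/var/run/apache2/ssl_scache(512000)

# Lifetime of a cached session in seconds. 300 is the mod_ssl default
# (the "5 minutes" mentioned above). A longer value means fewer
# certificate prompts, but also a longer interval before the server
# re-checks the client certificate.
SSLSessionCacheTimeout 300

<VirtualHost *:443>
    ServerName webmail.example.org

    SSLEngine on
    SSLCertificateFile      /etc/ssl/example/server.crt
    SSLCertificateKeyFile   /etc/ssl/example/server.key

    # CA certificates that issued the smart card client certificates.
    SSLCACertificateFile    /etc/ssl/example/client-ca.crt

    # Request the client certificate once, during the initial handshake
    # for the whole virtual host.
    SSLVerifyClient require
    SSLVerifyDepth  2

    # Configuration to avoid for a webmail site: SSLVerifyClient inside
    # a <Directory> or <Location> block. In per-directory context
    # mod_ssl forces a renegotiation for requests to that path, which
    # is one way to end up with a prompt on almost every click.
    #
    # <Location /mail>
    #     SSLVerifyClient require
    # </Location>
</VirtualHost>
```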


2006-11-27 21:27:17
On 11/27/06, Martin Paljak <martinpaljak.pri.ee> wrote:
> In theory, all software that can in some way make use of asymmetric
> crypto, can use smartcards. We might 'see the problem', document a
> better and brighter future, enlighten developers and offer ready
> solutions to some of the problems that plague the 'smartcard usability
> with daily applications'.
>
> That's a hell of a task....

This is practically what I do...

Best Regards,
Alon Bar-Lev.