gnumed-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnumed-devel] Hosting an encrypted pythonic simplehttp GNUmed serv

From: Luke Kenneth Casson Leighton
Subject: Re: [Gnumed-devel] Hosting an encrypted pythonic simplehttp GNUmed server
Date: Sun, 1 Aug 2010 22:55:31 +0100 
jim,

you're much much better off using opensc (apt-cache search opensc on
debian) and using PKSC#11 compliant smartcards.  there's libpam-p11,
there's probably a PKSC#11 authentication plugin for win32 (with
associated GINA), there's even a mozilla-opensc plugin:

Description: Mozilla plugin for authentication using OpenSC
 A plugin for mozilla that allows S/MIME and SSL authentication using
 OpenSC.
 .
 Card initialization can be performed by utilities in the opensc package.
Homepage: http://www.opensc-project.org/

not exactly sure that that fills me with great confidence that S/MIME
and SSL authentication is used, but there you go.

 if you'd seriously like to consider this, please:

 * do not use OmniKey cards, they have only released binary drivers.
you therefore cannot trust them, simple as that.

 * please do not use Gemalto smartcards or readers, i will get very
pissed off because they too refused to release the driver source code,
and i had bought their last remaining (quantity 1,000) RS232-based
Gemalto smartcard readers, and the fuckers _still_ refused to give me
the source code, providing me with the pointers to the proprietary
"wrapped" drivers which had been compiled on a win32 platform.  i told
them exactly what i thought of them, and told them that i would
always, always tell people that their products are totally
untrustworthy because if they hide the source code, then they have
something to hide.

l.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]