card_status - change-request to update always

NIIBE Yutaka gniibe at fsij.org
Mon Sep 25 03:07:32 CEST 2017


Werner Koch <wk at gnupg.org> wrote:
> Having a way to ask the user to insert a certain card using data which
> is permanently associated with the card (printed serial number) is a
> very useful feature and cannot, according to my experience, be replaced
> by just asking for the key id or such.

For some cards, it's true.  A card has a unique serial number from the
manufacturer, which is printed on the card, and a user can recognize the
number.  A user _can_ use the unique serial number to identify his key.
Or... a user could have a practice of strongly associating his key with a
specific physical medium with a specific serial number.  I don't deny this
use case.

I know about the use case of strong association between the serial
number and private keys; some users want to do that.  (When he finds his
keys on a different card, he might want to be notified.)  I don't propose
killing this.

My point is that the use of strong association should not be _required_
(or assumed) for all users always.

Speaking about my use case, I identify my tokens by their enclosures, like
the blue one, the red one, the one with the GPG logo, etc.  In this use case,
it is more useful for me to be notified "please insert red token" than "please
insert token with S/N: xxxx".  When I need to, I check the serial number
by "gpg --card-status".

Please note that there are many tokens (Gnuk Token implementations,
Nitrokey, Yubikey, etc.), which are basically used without a printed
serial number on the hardware.