PKCS#11 support for gpg-agent

Alon Bar-Lev alon.barlev at gmail.com
Fri Sep 2 14:30:29 CEST 2005


Werner Koch wrote:

>>I still don't understand where is the licensing problem of using PKCS#11 in
>>a GPLed application.
>
>Most pkcs#11 stuff is not GPL compatible.

But it does not say that GPLed software cannot use PKCS#11 interface in
order to access non-GPLed tokens!

>>This makes gpg UNUSABLE with smartcards, and I regret this fact.
>
>Despite the fact that it is used on a regular basis by hundreds of
>users.  Check scd/app-*.c to see what cards are supported.  Well, to
>support a card (-application) the specs of the card are required to be
>available w/o an NDA.

Yes... despite this fact...

>>you have a problem only with PKCS#11...
>
>Because it is such an ugly "standard"  [the quotes are on purpose].

I am sorry to read that... I think it is a good standard... Just like any
RSA Security PKCS#* standard... at least it is a standard that most
programmers agree on...
I don't understand why you guys did not rewrite the PKCS#7, PKCS#1,
PKCS#8, PKCS#9 standards... And maybe to stay with PGP standard and not
migrating to S/MIME...
The whole new work of gpg 1.9 was to migrate to S/MIME... Why!?!?!?!
You could have been very happy in your closed PGP format world.
Even if the standards are ugly, they at least work!

>>When user buys its email signature/encryption certificate he expects to be
>>able to use it in
>>all smartcard-enabled applications... PKCS#11 provides this ability, and is
>
>Yes he expects this and will soon see that it was just an expectation.

I am afraid you are totally wrong here... I hope you will wake up
some day...
I am responsible for replacing software/suggesting correct software for
using smartcards.
Currently gpg is on my black list... And because of this I tried to talk
with you first to make you understand what you do wrong...
It seems that I've failed!
You don't understand or don't want to understand what the user expects,
so you fail to provide it.

>>Yes, I know that I can write my own agent... But I still think it will be a
>>mistake.
>
>I don't mean to write another agent.  Write a pkcs#11 driver which
>uses gpg-agent as its token.

This is the WRONG WRONG WRONG approach!!!!!!!

Sorry,
I won't bother you any more,
Alon Bar-Lev.



