Re: root certs on smart cards

On Friday 25 March 2005 02:28 am, Nils Larsch wrote:
> Justin Karneges wrote:
> > Hi folks,
> >
> > I'm just now looking into smart card programming.  I wondered, is it
> > possible or would it even make sense to have root certs stored on a smart
> > card?
>
> it's certainly possible but whether it makes sense depends on your
> scenario (can you trust the cert from the card, and as smartcards
> are very slow: do you actually want to read it from the card if
> possible).

Maybe an example scenario would make my question more clear:

If you were browsing with Mozilla, had your smart card plugged in, and visited 
a site with an unknown self-signed certificate, would it be sensible that if 
you chose to accept the cert, Mozilla would write it to the card instead of 
to its own internal storage?  And that future visits to the site would be 
validated using the smart card?

This concept also hinges on the ability to mark a cert as trusted on the card.  
If there is no way to do this, then it wouldn't be possible to distinguish 
trusted vs non-trusted certs.

-Justin