Opera 10 is nice, more convenient and feels faster. I like it.
But it still does not support ID-Card. So, you can't use many web pages
you need for everyday life (Internet bank, different service providers,
public services...).
So, unfortunately Opera is still a secondary browser.
Marko
I'm intrigued! How does a web browser interact with an ID Card? (My
country doesn't have ID Cards, and I hope it never does).
--
-- ^^^^^^^^^^
-- Whiskers
-- ~~~~~~~~~~
> I'm intrigued! How does a web browser interact with an ID Card? (My
> country doesn't have ID Cards, and I hope it never does).
AFAIK, Estonian ID cards are smartcards, so you just need the appropriate
PKCS library. I would really like to see smart card support in Opera, too.
--
begin .sig
< Jernej Simončič ><>◊<>< jernej|s-ng at eternallybored.org >
end
I don't think I've ever seen a smart card reader either built in or as an
accessory for a personal computer. I'm sure there must be some; perhaps
they're all in Estonia?
As a way of identifying who is accessing a system, a smart card has the
same defect as a door-key: whoever has hold of it can get in. An
associated 'secret' password or 'Personal Identifying Number' (PIN) can
help, but that prompts one to ask why a really good password isn't good
enough without the smart card.
My internet banking service requires a 'customer ID number' plus a birth
date plus a ten-digit 'password' of which it asks for only three digits at
each login. They also issue a smart card with a four-digit PIN, of
course, but that is only used for 'hole in the wall' and 'point of sale'
transactions. I don't think it would be secure enough to protect complete
access to my account.
> I don't think I've ever seen a smart card reader either built in or as an
> accessory for a personal computer. I'm sure there must be some; perhaps
> they're all in Estonia?
I've seen several laptops with PC/SC smart card readers built-in, and you
can get a USB smart card reader for about 20€. I don't use these anymore
though - instead I have a USB token, which acts as a smart card reader
with built-in smart card, as pretty much every computer has USB ports.
> As a way of identifying who is accessing a system, a smart card has the
> same defect as a door-key: whoever has hold of it can get in. An
> associated 'secret' password or 'Personal Identifying Number' (PIN) can
> help, but that prompts one to ask why a really good password isn't good
> enough without the smart card.
Main advantage of smart cards is that the certificate on them can not be
accessed directly, and thus cannot be copied easily (it's possible with
special equipment and physical access to the smart card, but not with
normal readers). Also, smart cards are usually configured to destroy their
contents if a wrong PIN is used for authentication too many times (and
since the PIN verification is done by software running on the smart card
itself, it doesn't matter if you use a different computer before each
authentication attempt - this is why these cards are called smart cards,
because they don't just store data, but can also do processing themselves).
> My internet banking service requires a 'customer ID number' plus a birth
> date plus a ten-digit 'password' of which it asks for only three digits at
> each login. They also issue a smart card with a four-digit PIN, of
> course, but that is only used for 'hole in the wall' and 'point of sale'
> transactions. I don't think it would be secure enough to protect complete
> access to my account.
It's much more secure than just the customer number, birthdate and
password. If an attacker obtains these in any way (through phishing, social
engineering etc.), he can use them at will as long as somebody doesn't
notice that something went wrong. With a certificate on a smart card, the
only way an attacker can make use of it is by actually having control of
your machine, and changing an actual transaction you're trying to do while
you're doing it (basically, assuming you're trying to wire some money, the
attacker would have to change the target account number before it's sent to
the bank, then modify the confirmation that the bank sends [shows] back to
you before signing - the signing itself is done by the smart card,
which means that the transaction must have been altered before reaching
it). This is several orders of magnitude more complicated than hacking into
bank accounts that are only "protected" by simple user IDs and passwords.
I don't think there's any bank in this country that doesn't use either
certificates or one-time password generators (google for SecurID) for
authentication.
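
An added illustration of the two properties described in the post above (not part of any poster's message): the PIN retry counter lives on the card, so it does not reset when the host changes, and a signature is bound to one transaction, so it cannot be reused for another. The `SmartCard` class, `bank_verify`, the PIN and the account strings are constructed for this sketch, and the toy RSA key is far too small for real use.

```python
import hashlib

# Toy RSA key built from two Mersenne primes: illustration only, NOT secure.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def digest(msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % N

class CardBlocked(Exception):
    """Raised once the card has wiped its key."""

class SmartCard:
    MAX_TRIES = 3  # assumed limit for this model

    def __init__(self, pin: str):
        self._pin = pin
        self._d = D                # private exponent; no method returns it
        self._tries_left = self.MAX_TRIES

    def sign(self, pin: str, msg: bytes) -> int:
        if self._d is None:
            raise CardBlocked("key destroyed after too many wrong PINs")
        if pin != self._pin:
            self._tries_left -= 1  # state is on the card, not on the host
            if self._tries_left == 0:
                self._d = None     # card destroys its contents
            raise PermissionError("wrong PIN")
        self._tries_left = self.MAX_TRIES
        return pow(digest(msg), self._d, N)  # signing happens on the card

def bank_verify(msg: bytes, sig: int) -> bool:
    """Bank side: only the public key (N, E) is needed."""
    return pow(sig, E, N) == digest(msg)

def attempts_until_blocked(card: SmartCard, guesses):
    """Each guess may come from a different computer; the counter is shared."""
    for n, guess in enumerate(guesses, 1):
        try:
            card.sign(guess, b"probe")
            return ("unlocked", n)
        except PermissionError:
            continue
        except CardBlocked:
            return ("blocked", n)
    return ("not unlocked", len(guesses))
```
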
> I've seen several laptops with PC/SC smart card readers built-in, and you
> can get a USB smart card reader for about 20€.
In Estonia you can buy a USB smart card reader for 6 EUR if you don't
have it in your laptop.
> Main advantage of smart cards is that the certificate on them can not be
> accessed directly, and thus cannot be copied easily
Yes, theoretically the private key never leaves the card.
In Estonia you can sign documents digitally with ID Card. The digital
signature has the same legal authority as a written signature.
But you need separate software for signing documents, so this topic is not
related to Opera.
> I don't think there's any bank in this country that doesn't use either
> certificates or one-time password generators (google for SecurID)
Yes, there are PIN-calculators as well for Internet bank authentication.
But it's not only for banks. ID-card is used to authenticate for following
services:
- self-service portals of telephone and internet service providers
- self-service portal of power (electricity) provider
- buying bus tickets (they are digital, not papers, public transport
  service uses ID-card reader to check whether you have valid ticket)
- to declare your taxes
- to obtain sick fund security for yourself and your kids
- to see home tasks, grades and exam results of your school-kid
- ...many other public and private services
Yes, most of them have a workaround for authentication, e.g. via Internet
bank or use mobile ID.
For many users it's easier to open another browser than use workarounds.
Marko