As a semi-regular OpenSC developer I suggest not to do this.

PKCS#11 as it is currently implemented really needs to be explicitly
"enabled" by specifying a module in applications. Also, I would not
want jarsigner or keytool to accidentally talk to a smart card that is
connected, especially because NSS is known to be stupid in some cases
(search for "friendly certs" in Mozilla's Bugzilla).

OTOH it would be nice to be able to say something like "--use-system"
to either keytool or jarsigner to be able to talk to Keychain on OSX
or certstore on Windows or something like p11-kit "master module" on
Linux.


A similar conceptual issue exists in the W3C web-crypto API, that
leaves a plethora of options available that can result in unwanted
operations:

http://www.w3.org/TR/WebCryptoAPI/#security-implementers

I would blame keytool and JDK if it accidentally blocked a key on my
smart card due to some underlying automatically-appearing bug.

- -- 
Martin
+372 515 6495