I am familiar with the SunPKCS11 Bridge, Jean-Marc. However, I believe that that is all it is - a bridge connecting two different environments. I don't deny that the bridge does work, but it will always be constrained by the fact that the two sides on either side of the bridge may evolve at different rates and in different directions - leading to development and operational headaches for everyone.
If the Fedora community is taking the visionary step of consolidating the different crypto-stores in the open-source community, then there is added benefit to including the Java community natively rather than through a bridge. Many Linux developers are also Java developers - and vice-versa - and they would appreciate that they do not have to deal with the complexities of the Bridge for a new environment - I can understand the reason to leave things alone for the legacy environment.

Opportunities to do the right thing don't come often - PKCS#11 was good, but the community splintered with many crypto-stores despite PKCS#11. Sun had to come up with something that worked across all Java platforms - hence JKS. Microsoft continues to crow because of their unified key-store in CAPI. FCC is good; but the open-source community now has the opportunity to bring all open-source crypto-stores together - on Linux and Java.

Whatever design is created for FCC, if they take the Java community into consideration (and create a JSR for future evolution of the key-store), this will ensure that FCC and the JCE environment stay in lock-step.

Arshad Noor
StrongAuth, Inc.

----- Original Message -----
From: "Jean-Marc Desperrier" <[EMAIL PROTECTED]>
To: dev-tech-crypto@lists.mozilla.org
Sent: Wednesday, September 12, 2007 6:22:02 AM (GMT-0800) America/Los_Angeles
Subject: Re: Fedora Crypto Consolidation

Since Java 1.5, there is a PKCS#11 based JCE included by default in the Sun JVM.

It works with NSS, if you correctly configure some compatibility options:
http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide.html#NSS

So the best choice would be to rely on that instead, and see if it's possible to have the Sun Java RPM package preconfigured correctly to use it and to make it the default JCE.