Anders, I partially agree with you. When you buy a new token or smartcard, you download an installer application that registry the CSP dll into your system, so Windows can magically resolve digital certificate / storage association.
What is missing in PKCS#11 based systems is user friendly installing application (for Windows and Linux systems). If we had installers that automatically load hardware modules to Mozilla Firefox, preventing end-users from select PKCS#11 dll etc, etc, we could have something very likely Windows Cryptography usability. Regards, Bruno. CERTISIGNBruno de Paula Ribeiro Analista de Desenvolvimento (21) 4501 1816 Certisign Certificadora Digital certisign.com.br -----Mensagem original----- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Em nome de Anders Rundgren Enviada em: quarta-feira, 12 de setembro de 2007 15:25 Para: Jean-Marc Desperrier Cc: dev-tech-crypto@lists.mozilla.org Assunto: PKCS #11 sucks. Re: Fedora Crypto Consolidation A cryptographic subsysten based on C and not having a registration facility is not a solution for the 21st century. AR ----- Original Message ----- From: "Jean-Marc Desperrier" <[EMAIL PROTECTED]> Newsgroups: mozilla.dev.tech.crypto To: <dev-tech-crypto@lists.mozilla.org> Sent: Wednesday, September 12, 2007 15:22 Subject: Re: Fedora Crypto Consolidation Arshad Noor wrote: > Given that the Fedora community is embarking on an effort > to consolidate crypto keystores and libraries, it would > make sense to take the needs of the Java community also > into consideration in the design and implementation. > [...] > What would be ideal is for JSS to evolve into becoming > just another pluggable JCE Provider and hide the access > to the consolidated Fedora crypto keystore/library > behind that interface. You will then be doing two > communities a great service. I don't believe this is the best option. Since java 1.5, there is a pkcs#11 base JCE included by default in the SUN JVM. It works with NSS, if you configure correctly some compatibility options : http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide.html#NS S So the best choice would be to rely on that instead, and see if it's possible to have the sun java rpm package preconfigured correctly to use it and to make it the default JCE. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
