> -----Original Message-----
> The requirement to put all cryptographically sensitive information into a
> well defined crypto boundary seems very elegant. It explains how NSS was
> able to work with so many third party crypto gizmos starting in the late
> 90's, and how it was able to get 4 FIPS 140 certifications.

The above is just one of the reasons I've used NSS/JSS in more than one application. It may be a little more work to get started using PKCS#11, but it pays off big time once an additional module/token is needed/wanted. I've added networked HSMs, PCI-based HSMs, purely software PKCS#11 modules and about 5-6 different smart cards to NSS and they all work just fine. It's usually little more than a single modutil command to add the PKCS#11 shared library to NSS. Getting 4 FIPS validations and having none with problems like OpenSSL (that I'm aware of) is icing on the cake.

Dave

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto