On Mon, 28 Jul 2008, Nelson B Bolyard wrote: > The requirement to put all cryptographically sensitive information into a > well defined crypto boundary seems very elegant. It explains how NSS was > able to work with so many third party crypto gizmos starting in the late > 90's, and how it was able to get 4 FIPS 140 certifications.
I disagree. It may explain it fine to you all guys who know all the NSS gory details inside and out and who are concerned mostly for Firefox or other newly written apps, but for some of us mere mortals trying to understand NSS it does not make sense. In my case, we have a library (libcurl) that provides an API that we currently can make at least three different SSL/TLS libraries work with. But I simply can't seem to make libcurl/NSS support the API we provide since NSS doesn't provide the features we need for that. It does not make sense to me that NSS cannot have a "load foreign but frequently used other formats" support. Quite obviously it is possible with the use of an external plugin, but that plugin seems to still be a bit esoteric and loading .so/.dll files dynamically tends to cause problems to the users sooner or later. -- / daniel.haxx.se _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
