Subrata Mazumdar wrote:
Thanks Wan-Teh for the suggestion.
No, requiring custom version of Firefox to use ECC key based certificate
enrollment is not realistic.
It just does not seem right to disable access to all licensed ECC
implementation just because Mozilla wants to disable the ECC
implementation in the NSS soft-token. But, I am not go to question
developer's decision because they have to live with the consequences.
--
Subrata
Wan-Teh Chang wrote:
If it is an option for you to use custom-built NSS libraries
with Firefox, you can follow the instructions at
http://pki.fedoraproject.org/wiki/ECC_Capable_NSS
to build a version of NSS that doesn't have a built-in ECC
implementation but can be configured to use a third-party
ECC implementation with no crippled functionality. That
wiki page is intended for exactly your scenario.
Technically, he's only suggesting you build a custom set of NSS
libraries. You don't really need to do a full custom Firefox.
I can attest that the linked wiki directions do work as I've used them
myself to enable (ready for a laugh?) a Certicom ECC capable PKCS#11 module.
Dave
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
