Nelson B Bolyard wrote: >> If you want to use Hardware tokens, PKCS #11, and Firefox you >> either must be nuts, a masochist, very smart, or highly committed. >Anders, The user has made a decision and we're helping him with it.
That's fine, I have personally noted that these kinds of problems are rather common while for example using a FAT-formatted USB mass storage unit works without hassles on multiple platforms. This is not something that You or Mozilla is responsible for, it is the *industry* that we both represent that IMO have screw-up big-time. See Kyle's posting regarding on-line banking. >I am aware that you have proposed alternative technologies to many >of those used in Firefox, and I imagine that you're frustrated that the >major browsers are not excitedly switching to those alternatives. It is very frustrating that EU banks and governments are spending hundreds of million dollar per year on software that basically replace the browsers' client-side PKI stuff because the latter are all-over-the-map and does not support the tiniest of requirements such as PIN-codes for soft tokens. Many of these efforts also bypass TLS client-cert-auth for essentially the same reasons why practically nobody uses HTTP Basic or Digest Authentication. but rather make auth a part of the app protocol. Anyway, my analysis shows that updating browser mechanisms like <keygen> wouldn't actually solve anything because the token products on the market were never designed for on-line provisioning. According to most people who are into consumer PKI, Java applets is the best solution for cross-browser PKI. I think Java applets suck but indeed, that's really all we got. >but please don't take it out on us. Please refrain from further sniping >in this mailing list and newsgroup. Constructive contributions are welcome. I'm sorry about that. Is there any other place where Mozilla people hang out where there is an interest in trying to understand why and what is happening on the PKI side for consumers? Regarding constructive contributions: IF it would be possible to get some architectural support for introducing XML protocol support in Firefox, I think we could actually move things forward a bit: http://webpki.org/papers/web/XMLBrowserExtensionScheme.pdf If Mozilla want to do this in another way that's fine, the important thing is to get something universally usable running! >In answer to your question: Yes, the Linux Software Base now includes NSS. >Numerous products use it, including Google's Chrome and Adobe's Flash Player. That's good to hear! Regards Anders Rundgren -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
