On 2011-01-03 13:04 PDT, Anders Rundgren wrote: > Hi, > > I'm in the starting phase upgrading Firefox so that it can provision > credentials in a way that that banks and governments require which > among many things include E2ES (End-to-End Security) and issuer- > specified PIN-codes (or just policies for user-defined dittos). > > The plan is mainly focusing on (enhanced) HW-tokens which NSS due > to its PKCS #11 heritage doesn't support with any of the above.
I know a vendor of a product that includes tokens, pkcs#11 modules for Windows and Linux, and CA web site software, which product claims to have end-to-end (CA to token) security and (IIRC) Issuer-specified or issuer policy controlled PINs. IINM, it is claimed that all communication with the token is done through the PKCS#11 module. That vendor has at least one representative who participates occasionally here. Perhaps he can speak to how that product accomplishes what it does, and/or correct my misperceptions about the product, Bob. -- /Nelson Bolyard -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
