On 01/04/2012 09:04 AM, Anders Rundgren wrote: > On 2012-01-03 23:44, Robert Relyea wrote: >> On 12/30/2011 06:53 AM, Anders Rundgren wrote: >>> On 2011-12-29 23:08, Brian Smith wrote: >>>> Matej Kurpel wrote: >>>>> On 22. 12. 2011 10:36, Imen Ibn Hotab wrote: >>>>>> I`m developing pkcs#11 module for Firefox. >>>>> I was developing a PKCS#11 module as well. >>>> Just out of curiosity, what do your PKCS#11 modules do? >>>> >>>> Would it make things easier for either of you if Firefox and >>>> Thunderbird supported CAPI CSPs in addition or instead of >>>> pkcs#11 modules for client certificates on Windows? >>> Yes! I think Firefox would gain by in addition to PKCS #11, >>> also support the native OS crypto system (if there is one). >>> >>> Cheers, >>> Anders >> There is a capi module in the NSS source tree, but it purposefully does >> not surface removable CAPI modules under the assumption that such >> devices already have PKCS #11 modules. > I'm not sure what you mean with "removable CAPI modules" but the > assumption that PKCS #11 is standard on Windows is not entirely > correct since PIV cards (for example) can be "as is" in W7 and > forward without any middleware installation. Other cards may > need an install via Windows Update but this (AFAIK) does usually > not include PKCS #11. I'm just explaining what is there, so if you don't like the default you could change it;). I was primarily trying to avoid a loop. The CAPI drivers we use are CAPI to PKCS #11. The configurations I was running with had the PKCS #11 module installed in NSS and the CAPI to PKCS #11 module installed in capi.
bob
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
