On 2012-04-16 09:47, helpcrypto helpcrypto wrote: >>> If you'd like to help make Firefox better for enterprises, we'd be >>> delighted to have you submit patches instead of questioning our >>> commitment to our users. > > I'll ask another way: Is there any argument against compiling NSS with > @loader_path instead of current @executable_path? > (https://bugzilla.mozilla.org/show_bug.cgi?id=578751)
I would not build a scheme based on NSS because NSS is not a prerequisite unless you force people to use Firefox. Even if JSS works, it simply cannot be high-priority task for Mozilla keeping this in shape. Hooking Mozilla/NSS into native APIs like CryptoAPI is a much more important task. I don't really see the link between XadES-XL and key-stores. The Windows key-store is probably more secure than NSS since the former is running at OS-level. Anders > > >> Using Java with NSS is something I don't believe is a good idea for applets. > > Why is not a good idea? Do you know a better way of doing a XAdES-XL? > Anyway, if JSS is for java local apps, rather than Applets, that > should appear on JSS documentation. > >> IMO it is Oracle's call creating useful key-store mechanisms >> for the different platforms. So far they have only done that for Windows. > > Java can work with PKCS#12, PKCS#11, SunMSCAPI, OSX Keychain and NSS > (with a few bugs, as you can see). > The question here is: Can Oracle invoke NSS? > > Quoting bsmedberg (https://bugzilla.mozilla.org/show_bug.cgi?id=654939#c19): > "No, writing enterprise apps which poke into the Firefox certificate > store is not a desired use-case" > > Is that the official position? -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
