On Fri, 2015-05-08 at 14:58 +0200, Wouter Verhelst wrote: > In light of that, it would be great if firefox/libnss were to allow > configuration of PKCS#11 modules externally -- not just on Linux, > but on OSX and Windows too.
Well, p11-kit does build on OSX and Windows too but it doesn't have the same status there. On Linux distributions it *is* the platform's mechanism of choice for configuring PKCS#11 tokens. NSS needs to support it if it wants to integrate with the platform properly. On OSX and Windows, p11-kit is just some third-party software. But then again, isn't PKCS#11 itself an impostor on those platforms anyway? Windows has a *different* model for installing crypto hardware — really, your problem on Windows is that NSS doesn't use nss_capi by default, isn't it? (And that nss_capi hasn't been updated to CNG and that you should be shipping a minidriver or a CSP...) I think the same is true for OSX, with something like PKCS11_keychain? -- dwmw2
smime.p7s
Description: S/MIME cryptographic signature
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
