I was planning to look at OpenSC for my smart card requirement next. As you say, maybe it'll provide the NSS to Windows bridge I was looking for. But I agree that it probably doesn't make sense.
As for the cert selection issue, I suspect it may be in the Java implementation of FIPS mode. Maybe not everything in X509KeyManager should be allowed in FIPS mode, but I should still be able to choose my aliases. I think I'll submit a bug and see what they say. Thanks for the advice - Merlin -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
