On Mon, 2016-04-04 at 12:17 -0700, Ryan Sleevi wrote: > > Your justification seems to be that because you can't imagine my > application doing it, I shouldn't be concerned. But just re-read the > above and you can see how it affects every application - there's now a > new structure and form, and that changes how applications deal with > the API (*especially* if they did anything with that configuration > flag, which, under present NSS, is perfectly legal) > > Your change has observable differences. It breaks the API.
We usually reserve the term "breaks the API" for when something *used* to work, and now doesn't. Not when a previously-failing call now actually does something useful. And the latter is what we're talking about here. If you provide a PKCS#11 URI as the 'nickname', that will *fail* right now. And the proposal is that such a call will no longer fail. (I'd have to check the nickname rules, but there might be a corner case where you have a token named 'pkcs11' and a carefully-contrived nickname which actually makes it a full URI. Which is easily handled simply by saying that the original NSS form takes precedence. Or indeed that *whenever* a token is named 'pkcs11' the PKCS#11 URI parsing is disabled. It's a contrived case anyway). -- dwmw2
smime.p7s
Description: S/MIME cryptographic signature
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
