Re: Chrome: From NSS to OpenSSL

2014-04-14 Thread Alan Braggins
On 12/04/14 21:33, Florian Weimer wrote: * Julien Pierre: Strange that "PKCS#11 support" is listed as a "con" for NSS. I found the PKCS#11 approach rather difficult to deal with if you're adding cryptography to some library whose client code has no idea that there is cryptography involved (a

Re: Chrome: From NSS to OpenSSL

2014-04-12 Thread Florian Weimer
* Julien Pierre: > Strange that "PKCS#11 support" is listed as a "con" for NSS. I found the PKCS#11 approach rather difficult to deal with if you're adding cryptography to some library whose client code has no idea that there is cryptography involved (and that NSPR and NSS need initialization).

Re: Chrome: From NSS to OpenSSL

2014-04-11 Thread Martin Paljak
On Tue, Apr 8, 2014 at 1:11 PM, Jean-Marc Desperrier wrote: >> It's good for interop with smart cards. That's about it. I'd say that PKCS#11 for smart cards is the last resort an actual user would want to use. It is more useful for HSM-s than smart cards, which require usability in addition to a

Re: Chrome: From NSS to OpenSSL

2014-04-08 Thread Robert Relyea
On 04/08/2014 06:31 AM, Alan Braggins wrote: > On 08/04/14 13:11, Jean-Marc Desperrier wrote: >> Ryan Sleevi wrote: >>> reliance on PKCS#11 means that there are non-trivial overheads when >>> doing something as "simple" as hashing with SHA-1. For something >>> that is >>> such a "simple" transfo

Re: Chrome: From NSS to OpenSSL

2014-04-08 Thread Alan Braggins
On 08/04/14 13:11, Jean-Marc Desperrier wrote: Ryan Sleevi wrote: reliance on PKCS#11 means that there are non-trivial overheads when doing something as "simple" as hashing with SHA-1. For something that is such a "simple" transformation, multiple locks must be acquired and the entire NSS int

Re: Chrome: From NSS to OpenSSL

2014-04-08 Thread Jean-Marc Desperrier
Ryan Sleevi wrote: That was an interesting rant, thanks. reliance on PKCS#11 means that there are non-trivial overheads when doing something as "simple" as hashing with SHA-1. For something that is such a "simple" transformation, multiple locks must be acquired and the entire NSS internals m

Re: Chrome: From NSS to OpenSSL

2014-02-03 Thread Ryan Sleevi
On Mon, February 3, 2014 4:30 am, David Woodhouse wrote: > On Mon, 2014-02-03 at 12:13 +, Alan Braggins wrote: > > > > Having support for PKCS#11 tokens at all is a pro, even if one > > irrelevant to the vast majority of users. > > That gets less true as we start to use PKCS#11 a little more.

Re: Chrome: From NSS to OpenSSL

2014-02-03 Thread David Woodhouse
On Mon, 2014-02-03 at 12:13 +, Alan Braggins wrote: > > Having support for PKCS#11 tokens at all is a pro, even if one > irrelevant to the vast majority of users. That gets less true as we start to use PKCS#11 a little more. It isn't *just* about hardware tokens — things like gnome-keyring of

Re: Chrome: From NSS to OpenSSL

2014-02-03 Thread Alan Braggins
On 31/01/14 18:28, Ryan Sleevi wrote: On Fri, January 31, 2014 9:18 am, Alan Braggins wrote: On 31/01/14 10:24, Julien Pierre wrote: On 1/27/2014 10:28, Kathleen Wilson wrote: Draft Design Doc posted by Ryan Sleevi regarding Chrome migrating from NSS to OpenSSL: https://docs.google.com/docu

Re: Chrome: From NSS to OpenSSL

2014-01-31 Thread Julien Pierre
Ryan, On 1/31/2014 10:28, Ryan Sleevi wrote: I tried not to write too much on the negatives of NSS or OpenSSL, because both are worthy of long rants, but I'm surprised to hear anyone who has worked at length with PKCS#11 - like Oracle has (and Sun before) - would be particularly praising it. I

Re: Chrome: From NSS to OpenSSL (tangent: softoken rant)

2014-01-31 Thread Kyle Hamilton
softoken also isn't a complete implementation of a PKCS#11 module. It's "just good enough" to be used by NSS, not good enough to be used by other PKCS#11 platforms. It's disturbing that it's never been completed. It's more disturbing because the keys I might have in FIPS softoken can't be used in

Re: Chrome: From NSS to OpenSSL

2014-01-31 Thread Ryan Sleevi
On Fri, January 31, 2014 9:18 am, Alan Braggins wrote: > On 31/01/14 10:24, Julien Pierre wrote: > > > > On 1/27/2014 10:28, Kathleen Wilson wrote: > >> Draft Design Doc posted by Ryan Sleevi regarding Chrome migrating from > >> NSS to OpenSSL: > >> > >> https://docs.google.com/document/d/1ML11Zyy

Re: Chrome: From NSS to OpenSSL

2014-01-31 Thread Alan Braggins
On 31/01/14 10:24, Julien Pierre wrote: On 1/27/2014 10:28, Kathleen Wilson wrote: Draft Design Doc posted by Ryan Sleevi regarding Chrome migrating from NSS to OpenSSL: https://docs.google.com/document/d/1ML11ZyyMpnAr6clIAwWrXD53pQgNR-DppMYwt9XvE6s/edit?pli=1 Strange that "PKCS#11 support"

Re: Chrome: From NSS to OpenSSL

2014-01-31 Thread Mathias Tausig
On Friday 31. January 2014 02:24:35 Julien Pierre wrote: > On 1/27/2014 10:28, Kathleen Wilson wrote: > > Draft Design Doc posted by Ryan Sleevi regarding Chrome migrating from > > NSS to OpenSSL: > > > > https://docs.google.com/document/d/1ML11ZyyMpnAr6clIAwWrXD53pQgNR-DppMYwt9 > > XvE6s/edit?pli

Re: Chrome: From NSS to OpenSSL

2014-01-31 Thread Julien Pierre
On 1/27/2014 10:28, Kathleen Wilson wrote: Draft Design Doc posted by Ryan Sleevi regarding Chrome migrating from NSS to OpenSSL: https://docs.google.com/document/d/1ML11ZyyMpnAr6clIAwWrXD53pQgNR-DppMYwt9XvE6s/edit?pli=1 "Switching to OpenSSL, however, has the opportunity to bring significa

Re: Chrome: From NSS to OpenSSL

2014-01-28 Thread yann . stephan
On Monday, 27 January 2014 19:28:51 UTC+1, Kathleen Wilson wrote: > Draft Design Doc posted by Ryan Sleevi regarding Chrome migrating from > > NSS to OpenSSL: > > > > https://docs.google.com/document/d/1ML11ZyyMpnAr6clIAwWrXD53pQgNR-DppMYwt9XvE6s/edit?pli=1 > > "Switching to OpenSSL, however