Robert Relyea wrote: > On 01/04/2012 09:04 AM, Anders Rundgren wrote: > >> There is a capi module in the NSS source tree, but it purposefully > >> does not surface removable CAPI modules under the assumption that > >> such devices already have PKCS #11 modules.
While it may be true that they have PKCS#11 modules, the user probably does not have the PKCS#11 module installed, but they probably have the CAPI module installed. The idea motivating the consideration of supporting CAPI is to have a "zero configuration" experience for switching from other browsers (especially IE) to Firefox. The possibility of plug-and-play smartcards in Windows 7 pushes us more towards CAPI support on Windows. I now have five smartcard tokens (for accessing my new Chinese bank accounts) and they all have CAPI modules installed but only one has a PKCS#11 module even available for me to install into Firefox. > I was primarily trying to avoid a loop. The CAPI drivers we use are > CAPI to PKCS #11. The configurations I was running with had the > PKCS #11 module installed in NSS and the CAPI to PKCS #11 module > installed in capi. Interesting. I did not know that. Unfortunately, I doubt there would be an easy way to automatically locate the PKCS#11 module given the CAPI module. I am curious as to how smartcard management is supposed to work for Linux. It seems to me that it would be ideal for Firefox to support the shared DB on Linux. Are there OS-level tools for managing the shared DB. For example, is there an OS-level UI for adding/removing PKCS#11 modules in Fedora/RHEL that would make Firefox's UI for this redundant? - Brian -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
