On Fri, May 8, 2015 6:09 am, David Woodhouse wrote: > On Linux distributions it *is* the platform's > mechanism of choice for configuring PKCS#11 tokens. NSS needs to > support it if it wants to integrate with the platform properly.
I'm sorry to continually push back on this, but you continue to make this claim. This is a heady claim that lacks any evidence (so far) to support it, beyond a particular distro. 1) You can't really talk about "the platform's mechanism" for Linux, unless/until it's part of LSB. Beyond that, you're just waving your hands in your air saying "for some distros". Linux is a world where a thousand flowers bloom and a distro exists for every particular person's needs, so you can't just make broad sweeping statements like this. 2) It is _an_ option for the platform. Indeed, I'd suggest you've got a cart leading the horse. AFAICT, NSS *is* part of LSB ( http://www.linuxbase.org/betaspecs/lsb/LSB-Common/LSB-Common/requirements.html ) but p11-kit is not. So you can equally argue (and more accurately argue) that p11-kit is failing to integrate with the platform properly by failing to register itself with NSS. I have no fundamental objections to p11-kit - indeed, I think it's quite handy. But I do take issue with such broad sweeping claims used to argue for supporting it. It's an option, I get that some distros really like I, I *personally* like it for some cases, but that does *not* argue it's a good thing. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto