I do understand the frustration you must feel in trying to get browsers
to work closely with your national ID/Cert system. There are many such
systems, and trying to create an API that works with your specific
requirements, hardware and regulations is very difficult. The WG notes
this by
On 2013-02-15 09:46, helpcrypto helpcrypto wrote:
snip
IMHO, once we have a pkcs#11 interface to handle any smartcard, even
installed cert using NSS softoken, and maybe a wrapper to mscapi...the
only thing left is to use those certs stored somewhere with your
javascript API.
The problem
The problem with this approach is that you expose keys to arbitrary javascript
code which is rather different to for example TLS-client-certificate
authentication which only exposes a high-level mechanism as well as a
[reasonably] secure credential filtering scheme and user GUI.
clear as
On Fri, Feb 15, 2013 at 12:32 PM, helpcrypto helpcrypto
helpcry...@gmail.com wrote:
The problem with this approach is that you expose keys to arbitrary
javascript
code which is rather different to for example TLS-client-certificate
authentication which only exposes a high-level mechanism as
I think we all mean key handles instead of plaintext key material
but the problem is the same - keys get exposed naked and can be
(ab)used for whatever.
I mean, apart from malicious sign operations, i dont see any risk on
javascript seeing a key handle. Is there any?
If the only risk are
On 2013-02-15 11:32, helpcrypto helpcrypto wrote:
The problem with this approach is that you expose keys to arbitrary
javascript
code which is rather different to for example TLS-client-certificate
authentication which only exposes a high-level mechanism as well as a
[reasonably] secure
ie: javascript invoke getKeyFromPKCS11(modulename) and #1 is
returned, but can be used.
How do you envision that this access should be controlled?
Here imagine that you have dozens of keys, not just a single key in a smart
card.
The same way as SSL client authentication: with a dialog
Dear Members,
I saw previous messages that reported build problems in the NSS - PKCS
#11 Test Suites.
I would like to know if those issues have already been addressed?
I am using a Win32 platform (msvc2008) and the mozilla-build environment.
I managed to compile the latest nss+nspr release and
Hi Tiago,
On Fri, Feb 15, 2013 at 11:34 AM, TIAGO ALVES alvesfons...@ibest.com.br wrote:
I saw previous messages that reported build problems in the NSS - PKCS
#11 Test Suites.
I would like to know if those issues have already been addressed?
We never had the time to retrieve the source
9 matches
Mail list logo