On Tue, Oct 19, 2010 at 06:29:21PM +0300, Kalev Lember wrote: > >This of course doesn't solve Mozilla's lack of a security module > >register, but it would already go a long way towards making national > >ID card support in Mozilla products a lot more generic. > > I am not really interested in pushing for a new package which solves the > problem in the wrong way. However, having said that, I wouldn't mind > having a generic opensc mozilla extension either if someone else does > the legwork.
Please note that a mozilla extension is what it says, a mozilla extension, meaning it would work with mozilla, but nothing else that uses nss (think, chromium, evolution, pidgin, etc.) > In my personal opinion the "right" way to solve that is to have opensc > package register its PKCS#11 module in the NSS database. Yes, it would, and there's a bug about nss providing a way to autoregister them. > It should > already be possible to do it like that in Fedora, but I am not sure > about Debian. Yes and no. The problem with what is in fedora (and in upstream nss, for that matter), is that it relies on each individual application to be modified in order to use the global registry, which also means start using ~/.pki/. It's very nice and all, but there's also absolutely no patch that I'm aware of that covers migration of the current databases to this shared one in ~/.pki/, which means users having user certs, CA certs, or private modules registered in their ice* profile will lose them. Mike -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
