I am currently using FireFox V1.5 (Windows XP) and use a smartcard based DigitalID (private key and X509 cert) via a commercial PKCS#11 DLL marketed under the SafeSign name.
My question concerns the frequency I am prompted for my smartcard password. It appears that when FireFox tries to perform some SLL related action it requires that I have an "active" smartcard session (e.g. I have recently entered my PIN) despite the fact that for normal SLL, no client authentication, there is no reason at all for it to need it. Surely this is not correct operation. It's certainly a pain. I have also noticed that when I use client authenticated SSL I am quite rightly asked for my PIN but the internal caching of authentication tokens appears to be different between the smartcard and the internal crypto device as I am constantly asked to re-enter the smartcard PIN after periods of inactivity (say 10 or 15 minutes). Probably not a fault as such but inconvenient. Regards, Mark. Diginis is an ISO 9001 certified company Simple, Safe, Secure e-Solutions This electronic transmission and any files attached to it are strictly confidential and intended solely for the addressee. If you are not the intended addressee, you must not disclose, copy or take any action in reliance of this transmission. If you have received this transmission in error, please notify us by return and delete the same. Although Diginus Ltd rigorously endeavours to maintain a virus free computer environment, the sender does not warrant that this transmission is virus-free and will not be liable for any damages resulting from any virus transmitted. _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
