Hi, Am Dienstag 13 November 2012, um 11:18:07 schrieb Christian Hilberg: > Hi everyone. > [...] > GnuTLS, as a replacement for NSS, adds another layer of complication > to the matter. Aside from the TPM user PIN, it requires the higher > level software to locate the correct client certificate for the > connection to be established inside the TPM (or a software emulation > thereof) via so-called "PKCS #11 URIs" in an explicit manner. There This [9] is how that is supposed to work in the latest GnuTLS (support in the 2.12.x series works much the same).
Kind regards,
Christian
> [0] https://live.gnome.org/Evolution/Kolab
> [1] https://mail.gnome.org/archives/evolution-hackers/2010-July/msg00076.html
> [2]
> http://sourceforge.net/projects/evolution-kolab/files/Usage_of_software_security_devices_for_client_authentication.pdf/download
> [3] http://sourceforge.net/projects/opencryptoki/
> [4] http://trousers.sourceforge.net/
> [5] http://www.openldap.org/
> [6] http://www.gnu.org/software/gnutls/gnutls.html
> [7] https://tools.ietf.org/html/draft-pechanec-pkcs11uri-06
> [8] http://www.openldap.org/lists/openldap-technical/201009/msg00350.html
[9]
http://www.gnu.org/software/gnutls/manual/gnutls.html#Trusted-Platform-Module
--
kernel concepts GmbH Tel: +49-271-771091-14
Sieghuetter Hauptweg 48
D-57072 Siegen
http://www.kernelconcepts.de/
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ evolution-hackers mailing list [email protected] To change your list options or unsubscribe, visit ... https://mail.gnome.org/mailman/listinfo/evolution-hackers
