Hallo! I have developed a pkcs11 library according to the austrian signature legislation.
NSS queries every Token for Trust-Objects, which are in the Buildin Token. If I answer with a Trust Object the settings I return are used by the NSS. It is possible to enable for instance code signing for CAs, or to disable a CA. Thanks Robert List
