Nelson B. Bolyard wrote:
> Robert List wrote:
>
>>Hello!
>>
>>I have developed a pkcs11 library according to the Austrian signature
>>legislation.
>>
>>NSS queries every Token for Trust-Objects, which are in the Builtin Token.
>>
>>If I answer with a Trust Object the settings I return are used by the NSS.
>>It is possible to enable for instance code signing for CAs, or to
>>disable a CA.
>
>
> That's correct. How is this a security problem?

I (a pkcs11 module which does not provide the certificates I am talking about) can manipulate the trust settings that NSS uses for the CA certificates stored in the builtin token. So I can disable CAs, meaning that all e-mails signed with certificates issued by that CA are invalid. From my point of view, only the manufacturer and the user of a certificate store should be able to manipulate the trust settings used.

Maybe (I haven't tested it so far) I can enable CAs which are revoked. It is also possible to set the code signing ability for "e-mail only" CAs. Then I get (also not tested) an ordinary e-mail certificate from that CA and sign code, which should be started after checking the trust of the CA.

>
>
>>Thanks
>>Robert List
>
>
>
> --
> Nelson Bolyard               Netscape Communications (subsidiary of AOL)
> Disclaimer: I speak for myself, not for Netscape
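
The following is an added example, not part of the original message and not NSS code: a simplified C model of the concern raised above, comparing a lookup that uses any token's trust answer with one that accepts trust records only from the builtin roots token or the user's database. The token roles, CA names and records are constructed, and giving the user's database precedence is an assumption of the model.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model, not NSS code. Roles, CA names and records are constructed. */
enum role { BUILTIN_ROOTS, USER_DB, THIRD_PARTY };
enum { T_SERVER = 1, T_EMAIL = 2, T_CODE = 4 };      /* trust purposes */
struct trust_rec { enum role source; const char *ca; int flags; };

/* Trust records in the order the tokens answered the query (constructed). */
static const struct trust_rec answers[] = {
    { THIRD_PARTY,   "Example Mail CA", T_EMAIL | T_CODE },  /* adds code signing */
    { THIRD_PARTY,   "Example Root CA", 0 },                 /* disables the CA */
    { USER_DB,       "Example Old CA",  0 },                 /* user distrusts it */
    { BUILTIN_ROOTS, "Example Mail CA", T_EMAIL },
    { BUILTIN_ROOTS, "Example Root CA", T_SERVER | T_EMAIL },
    { BUILTIN_ROOTS, "Example Old CA",  T_SERVER },
};
#define N_ANSWERS (sizeof answers / sizeof answers[0])

/* Behaviour described in the thread: whichever token answers is believed. */
int trust_any_token(const char *ca) {
    for (size_t i = 0; i < N_ANSWERS; i++)
        if (strcmp(answers[i].ca, ca) == 0)
            return answers[i].flags;
    return 0;
}

/* Policy argued for in the reply: only the store that ships the CA (here the
 * builtin roots) or the user's own database may set its trust. A record from
 * the user's database wins over the builtin one (assumption of this model). */
int trust_owner_only(const char *ca) {
    int flags = 0, have_user = 0;
    for (size_t i = 0; i < N_ANSWERS; i++) {
        const struct trust_rec *r = &answers[i];
        if (strcmp(r->ca, ca) != 0 || r->source == THIRD_PARTY || have_user)
            continue;                     /* ignore foreign trust records */
        flags = r->flags;
        have_user = (r->source == USER_DB);
    }
    return flags;
}

int main(void) {
    const char *cas[] = { "Example Mail CA", "Example Root CA", "Example Old CA" };
    for (size_t i = 0; i < 3; i++)
        printf("%-16s any_token=%d owner_only=%d\n", cas[i],
               trust_any_token(cas[i]), trust_owner_only(cas[i]));
    return 0;
}
```

A difference between the two columns for a CA means a module that does not hold that CA changed its effective trust.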
