Nelson B. Bolyard wrote: > Robert, > > It sounds like you're concerned about the possibility that one PKCS#11 > token's trust objects could override the trust for objects in another > PKCS#11 token. > > But why would that be a concern? > > The user is in control of his PKCS#11 tokens. He trusts their contents > because he controls their contents. If a token contains content that > the user doesn't like, and the token does not let the user modify that > content, then the user can remove the offending token (one way or another). > > Are you worried about surreptitious installation of PKCS#11 modules?
Yes. > > -- > Nelson Bolyard > Disclaimer: I speak for myself, not for Netscape
