On 14.06.2007, at 1:00, Douglas E. Engert wrote:
> So it looks like the latest FireFox 2.0.0.4 is working much better.
* Certificate selection is still broken - it selects nonrepudiation  
certificate with no ssl client certificate usage bits automatically  
even though it should select a certificate with SSL client  
capabilities (IMO) (see https://bugzilla.mozilla.org/show_bug.cgi? 
id=328346 - even though it is considered as fixed). This is one of  
the reasons why the onepin module exists - to only present one  
certificate (protected with one pin) to firefox so that it could do  
dumb decisions.

* Loading the module via standard GUI (preferences -> advanced ->  
encryption -> security devices -> load) still results in 'unfriendly  
behavior' meaning automatic certificate selection, if enabled,  
requires you to type in all different pins and puks on the card (PIN1  
for slot1, PIN2 for slot 2 and PUK, alone in the separate slot). (see  
https://bugzilla.mozilla.org/show_bug.cgi?id=201333) This is the  
second reason why the hackerish module exists - even if Firefox knew  
how to select the right certificate if given the ones present on  
Estonian eID, it would ask both PIN1 and PIN2 just to make the  
decision to choose the one with PIN1 to proceed (even though the  
certificates are public)

Thus the need still exists for this hackerish module to enable  
seamless operation for Estonians at least. :(

If there are bugs in the code or changes that change this behavior -  
let me know and I'll give it a try to see what happens. Unfortunately  
I'm not a pkcs11 expert.


-- 
Martin Paljak
http://martin.paljak.pri.ee


_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Reply via email to