On 03/08/2011 16:16, Douglas E. Engert wrote:
> You say you are using FF, so have you looked at JSS?
> http://www.mozilla.org/projects/security/pki/jss/
Nope. Proprietary (available only for FF).
> As I read this, it is a java interface to NSS, and thus avoid the
> sunPKCS11 and its limitations, but still allow the use of OpenSC.
It uses SunPKCS11.
> On Windows, you could also use the Windows CAPI via the SunMSCAPI,
> and OpenSC on Windows can still be used via the OpenSC mindriver.
Still proprietary solutions.
And what about smartphones? "Standard" Java is more likely to be adapted
than proprietary interfaces.
>> Well, just searching "smart card" in bugzilla pops up quite a lot of
>> issues. 460985 e 378476 (always selects the first cert from a card),
>> 453025 (security devices only loaded on application start) and many more...
>
> Here are 3 others: 357025, 613496, 613507, These deal with selecting
> the "best slot", supporting CK_ALWAYS_AUTHENTICATE if needed, and
> cutting down on searching for any object when it should be searching for
> a cert only, which may be your 150 times.
Well... The user should be responsible for selecting the "best" slot.
That IMHO shouldn't be a "slot" in the first place, but just a
certificate. The browser should only filter certs so that only
acceptable ones are proposed to the user.
If an object isn't accessible ('cause it's marked private), it should
user's responsibility to login w/ the correct credentials first.
BYtE,
Diego.
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
