On 08/04/2011 11:30 PM, Nikos Mavrogiannopoulos wrote: >>> * Coordinating initialization and finalizing. >> You referencing a bad implemented application that is use PKCS#11 in >> two independent places. A practical solution is to fix the library >> implementation (such as GnuTLS) to provide some state information. > > How do you know that one library is in use? How can you avoid an > application being linked to both p11-kit and pkcs11-helper? My > experience from gnutls is that you cannot really track indirect > dependencies, and you end-up having applications linked against > gnutls and openssl. If both had to access a PKCS #11 token there > would be a problem.
Well put. In my opinion this is the key bit where people would want pkcs11-helper to use p11-kit. But as we pointed out earlier, that's already possible with the p11-kit proxy module [1]. In any case, I understand the hesitation. Some of us are pushing forward PKCS#11 more onto mainstream desktops right now, and using it on the Desktop. Although I strongly believe this is a good course of action, it'll take a little while before we can prove this usage. Perhaps after p11-kit has proved itself, and we see how this ends up being deployed in practice, we can revisit further integration. Cheers, Stef [1] http://p11-glue.freedesktop.org/doc/p11-kit/sharing-module.html _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
