Hi Tiago,
On Fri, Feb 15, 2013 at 11:34 AM, TIAGO ALVES wrote:
>
> I saw previous messages that reported build problems in the NSS - PKCS
> #11 Test Suites.
>
> I would like to know if those issues have already been addressed?
We never had the time to retrieve the source code of the missing tool
Dear Members,
I saw previous messages that reported build problems in the NSS - PKCS
#11 Test Suites.
I would like to know if those issues have already been addressed?
I am using a Win32 platform (msvc2008) and the mozilla-build environment.
I managed to compile the latest nss+nspr release and a
>> ie: javascript invoke getKeyFromPKCS11("modulename") and "#1" is
>> returned, but can be used.
>
> How do you envision that this access should be controlled?
> Here imagine that you have dozens of keys, not just a single key in a smart
> card.
The same way as SSL client authentication: with a
On 2013-02-15 11:32, helpcrypto helpcrypto wrote:
>> The problem with this approach is that you expose keys to arbitrary
>> javascript
>> code which is rather different to for example TLS-client-certificate
>> authentication which only exposes a high-level mechanism as well as a
>> [reasonably] se
> I think we all mean "key handles" instead of "plaintext key material"
> but the problem is the same - keys get exposed "naked" and can be
> (ab)used for whatever.
I mean, apart from malicious sign operations, i dont see any risk on
javascript "seeing" a key handle. Is there any?
If the only ris
On Fri, Feb 15, 2013 at 12:32 PM, helpcrypto helpcrypto
wrote:
>> The problem with this approach is that you expose keys to arbitrary
>> javascript
>> code which is rather different to for example TLS-client-certificate
>> authentication which only exposes a high-level mechanism as well as a
>> [
> The problem with this approach is that you expose keys to arbitrary javascript
> code which is rather different to for example TLS-client-certificate
> authentication which only exposes a high-level mechanism as well as a
> [reasonably] secure credential filtering scheme and user GUI.
clear as w
On 2013-02-15 09:46, helpcrypto helpcrypto wrote:
> IMHO, once we have a pkcs#11 interface to handle any smartcard, even
> installed cert using NSS softoken, and maybe a wrapper to mscapi...the
> only thing left is to use those certs stored "somewhere" with your
> javascript API.
The problem wi
>>> I do understand the frustration you must feel in trying to get browsers
>> to work closely with your national ID/Cert system. There are many such
>> systems, and trying to create an API that works with your specific
>> requirements, hardware and regulations is very difficult. The WG notes
>> th
9 matches
Mail list logo