Darren J Moffat wrote:
> Alan Coopersmith wrote:
>   
>> Have you asked the security community if these would be useful things to
>> support or not?
>>
>>      -Alan Coopersmith-           alan.coopersmith at sun.com
>>       Sun Microsystems, Inc. - X Window System Engineering
>>
>> Jeff Cai wrote:
>>     
>>> Since currently there is no needs for these features which are relating 
>>> to security, I've decided to disable them in gnome-keyring 2.21. These 
>>> include:
>>> 1. ssh support
>>> 2. public key certificates support (general certificate and x.509 
>>> certificate)
>>> 3. pkcs11 support (It is API interface standard for accessing security 
>>> devices such as smart card, usb disk etc.)
>>>
>>> A patch is attached and please review. I'll also ask community to review 
>>> it soon.
>>>       
>
> Who says there is no need for them ?  How did you determine this ?  Do 
> you know why that support is in there ?
>   

All very good questions.

> The PKCS#11 support was actually contributed to gnome-keyring by a Sun 
> engineer and it was done to make the Solaris 10 US Export approval 
> easier while also providing more functionality.
>   

PKCS#11 support is a feature we very much want to keep in the 
gnome-keyring for
the reasons Darren mentions above and also because it enables the 
keyring to take
advantage of HW keystores if available.

-Wyllys


> The Solaris security team is also considering taking on the future 
> ownership/maintenence of gnome-keyring for Solaris (it would likely 
> remain in the JDS consolidation though). I'll work with Jeff/Ghee etc 
> offline on this as it isn't relevant to OpenSolaris.
>
> SSH support is something we very much want to have as well.
>
>   


Reply via email to