Darren J Moffat wrote: > Alan Coopersmith wrote: > >> Have you asked the security community if these would be useful things to >> support or not? >> >> -Alan Coopersmith- alan.coopersmith at sun.com >> Sun Microsystems, Inc. - X Window System Engineering >> >> Jeff Cai wrote: >> >>> Since currently there is no needs for these features which are relating >>> to security, I've decided to disable them in gnome-keyring 2.21. These >>> include: >>> 1. ssh support >>> 2. public key certificates support (general certificate and x.509 >>> certificate) >>> 3. pkcs11 support (It is API interface standard for accessing security >>> devices such as smart card, usb disk etc.) >>> >>> A patch is attached and please review. I'll also ask community to review >>> it soon. >>> > > Who says there is no need for them ? How did you determine this ? Do > you know why that support is in there ? >
All very good questions. > The PKCS#11 support was actually contributed to gnome-keyring by a Sun > engineer and it was done to make the Solaris 10 US Export approval > easier while also providing more functionality. > PKCS#11 support is a feature we very much want to keep in the gnome-keyring for the reasons Darren mentions above and also because it enables the keyring to take advantage of HW keystores if available. -Wyllys > The Solaris security team is also considering taking on the future > ownership/maintenence of gnome-keyring for Solaris (it would likely > remain in the JDS consolidation though). I'll work with Jeff/Ghee etc > offline on this as it isn't relevant to OpenSolaris. > > SSH support is something we very much want to have as well. > >