On Wed, 2008-01-02 at 10:33 -0500, Wyllys Ingersoll wrote: > Darren J Moffat wrote: > > Alan Coopersmith wrote: > > > >> Have you asked the security community if these would be useful things to > >> support or not? > >> > >> -Alan Coopersmith- alan.coopersmith at sun.com > >> Sun Microsystems, Inc. - X Window System Engineering > >> > >> Jeff Cai wrote: > >> > >>> Since currently there is no needs for these features which are relating > >>> to security, I've decided to disable them in gnome-keyring 2.21. These > >>> include: > >>> 1. ssh support > >>> 2. public key certificates support (general certificate and x.509 > >>> certificate) > >>> 3. pkcs11 support (It is API interface standard for accessing security > >>> devices such as smart card, usb disk etc.) > >>> > >>> A patch is attached and please review. I'll also ask community to review > >>> it soon. > >>> > > > > Who says there is no need for them ? How did you determine this ? Do > > you know why that support is in there ? > > > > All very good questions. > > > The PKCS#11 support was actually contributed to gnome-keyring by a Sun > > engineer and it was done to make the Solaris 10 US Export approval > > easier while also providing more functionality. > > > > PKCS#11 support is a feature we very much want to keep in the > gnome-keyring for > the reasons Darren mentions above and also because it enables the > keyring to take > advantage of HW keystores if available.
Could you tell me the difference between /usr/lib/libpkcs11.so and this library? Is there any documents for how to use this feature? Jeff > > -Wyllys > > > > The Solaris security team is also considering taking on the future > > ownership/maintenence of gnome-keyring for Solaris (it would likely > > remain in the JDS consolidation though). I'll work with Jeff/Ghee etc > > offline on this as it isn't relevant to OpenSolaris. > > > > SSH support is something we very much want to have as well. > > > > >
