Fixing NSS and p11-kit in Fedora (and beyond)

David Woodhouse dwmw2 at
Fri Dec 12 05:53:06 PST 2014

On Fri, 2014-12-12 at 14:44 +0100, Stef Walter wrote:
> > Joy. Remind me again why you're happy for NSS softokn to be one of the
> > default writable tokens on the system and ditch that functionality from
> > gnome-keyring-pkcs11? :)
> Because I don't have time to maintain it, or finish it, and the
> implementation is woefully incomplete. It was short sighted of me to
> think I could implement something complete.

Fair enough. Although with the patch I just filed it's working fairly
nicely now from Firefox. What major things are missing?

> But p11-kit has the functionality to remote PKCS#11 now ... with more
> work on it's way (thanks Nikos). It could (with a bit more work) run
> PKCS#11 modules in a daemon ... coordinate their writability etc.

Or maybe we should just grit our teeth and enable in
$HOME/.pki/nssdb in the default p11-kit configuration? That'll probably
be a whole lot easier to coordinate with NSS applications.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <>

More information about the p11-glue mailing list