Fixing NSS and p11-kit in Fedora (and beyond)
Stef Walter
stefw at redhat.com
Fri Dec 12 06:11:25 PST 2014
On 12.12.2014 14:53, David Woodhouse wrote:
> On Fri, 2014-12-12 at 14:44 +0100, Stef Walter wrote:
>>> Joy. Remind me again why you're happy for NSS softokn to be one of the
>>> default writable tokens on the system and ditch that functionality from
>>> gnome-keyring-pkcs11? :)
>>
>> Because I don't have time to maintain it, or finish it, and the
>> implementation is woefully incomplete. It was short sighted of me to
>> think I could implement something complete.
>
> Fair enough. Although with the patch I just filed it's working fairly
> nicely now from Firefox. What major things are missing?
>
>> But p11-kit has the functionality to remote PKCS#11 now ... with more
>> work on it's way (thanks Nikos). It could (with a bit more work) run
>> PKCS#11 modules in a daemon ... coordinate their writability etc.
>
> Or maybe we should just grit our teeth and enable nsssoftokn3.so in
> $HOME/.pki/nssdb in the default p11-kit configuration? That'll probably
> be a whole lot easier to coordinate with NSS applications.
Yup. You won't hear objections from me. When you do, you'll probably run
into a few issues to do with the initialization string, and I'd be happy
to review patches :)
Stef
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freedesktop.org/archives/p11-glue/attachments/20141212/7b646d6f/attachment.sig>
More information about the p11-glue
mailing list