Bug#537866: [esteid-dev] not as good as directly registering security modules, but...
Mike Hommey
mh at glandium.org
Tue Oct 19 16:58:15 UTC 2010
On Tue, Oct 19, 2010 at 06:29:21PM +0300, Kalev Lember wrote:
> >This of course doesn't solve Mozilla's lack of a security module
> >register, but it would already go a long way towards making national
> >ID card support in Mozilla products a lot more generic.
>
> I am not really interested in pushing for a new package which solves the
> problem in the wrong way. However, having said that, I wouldn't mind
> having a generic opensc mozilla extension either if someone else does
> the legwork.
Please note that a mozilla extension is what it says, a mozilla
extension, meaning it would work with mozilla, but nothing else that
uses nss (think, chromium, evolution, pidgin, etc.)
> In my personal opinion the "right" way to solve that is to have opensc
> package register its PKCS#11 module in the NSS database.
Yes, it would, and there's a bug about nss providing a way to
autoregister them.
> It should
> already be possible to do it like that in Fedora, but I am not sure
> about Debian.
Yes and no. The problem with what is in fedora (and in upstream nss, for
that matter), is that it relies on each individual application to be
modified in order to use the global registry, which also means start
using ~/.pki/. It's very nice and all, but there's also absolutely no
patch that I'm aware of that covers migration of the current databases
to this shared one in ~/.pki/, which means users having user certs, CA
certs, or private modules registered in their ice* profile will lose
them.
Mike
More information about the pkg-mozilla-maintainers
mailing list