A cryptographic subsysten based on C and not having a registration facility is not a solution for the 21st century. AR ----- Original Message ----- From: "Jean-Marc Desperrier" <[EMAIL PROTECTED]> Newsgroups: mozilla.dev.tech.crypto To: <dev-tech-crypto@lists.mozilla.org> Sent: Wednesday, September 12, 2007 15:22 Subject: Re: Fedora Crypto Consolidation
Arshad Noor wrote: > Given that the Fedora community is embarking on an effort > to consolidate crypto keystores and libraries, it would > make sense to take the needs of the Java community also > into consideration in the design and implementation. > [...] > What would be ideal is for JSS to evolve into becoming > just another pluggable JCE Provider and hide the access > to the consolidated Fedora crypto keystore/library > behind that interface. You will then be doing two > communities a great service. I don't believe this is the best option. Since java 1.5, there is a pkcs#11 base JCE included by default in the SUN JVM. It works with NSS, if you configure correctly some compatibility options : http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide.html#NSS So the best choice would be to rely on that instead, and see if it's possible to have the sun java rpm package preconfigured correctly to use it and to make it the default JCE. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto