Thanks Wan-Teh for the suggestion.
No, requiring custom version of Firefox to use ECC key based certificate
enrollment is not realistic.
It just does not seem right to disable access to all licensed ECC
implementation just because Mozilla wants to disable the ECC
implementation in the NSS soft-token. But, I am not go to question
developer's decision because they have to live with the consequences.
--
Subrata
Wan-Teh Chang wrote:
On Thu, May 14, 2009 at 8:53 PM, Subrata Mazumdar
<subrata.mazum...@ieee.org> wrote:
I just have another question. According to the source code
(http://mxr.mozilla.org/security/source/security/nss/lib/cryptohi/secsign.c#92)
signing with EC key is disabled irrespective of underlying security device.
What about if I am using a Smart Card with licensed ECC implementation, such
as Athena's ASECard?
If it is an option for you to use custom-built NSS libraries
with Firefox, you can follow the instructions at
http://pki.fedoraproject.org/wiki/ECC_Capable_NSS
to build a version of NSS that doesn't have a built-in ECC
implementation but can be configured to use a third-party
ECC implementation with no crippled functionality. That
wiki page is intended for exactly your scenario.
Wan-Teh
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto