Nelson Bolyard wrote:
I'll add these thoughts. I don't know of any way to "log in" to a token that has no
password. IINM, such a token just "comes up" in a state that is similar to being already
logged in. It's not surprising to me that forcefully logging it out leaves it in a state where it
cannot log in again without being restarted. Maybe the solution is to make it so that it cannot be
logged out, since it is not truly logged in. That could be done in NSS or in PSM or in the browser
outside of PSM (I think).
That might be possible if there was some easy way of determining whether
there is a master password (without prompting the user for such
password). This method would not need to leave the user logged in if
they had previously been logged in with a password.
--
Warning: May contain traces of nuts.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
