On Tuesday 03 November 2009 13:42:14 David Stutzman wrote: <snip> > Some linux distributions distribute NSS built without ECC support, like > Fedora. Red Hat, on the other hand, distributes NSS sort of how Java > 1.6 is. It "suppports" ECC but itself has no ECC implementation and you > must add in a third party PKCS#11 module to gain working ECC. So Fedora > ignores it, and RHEL makes it relatively easy to integrate it. <snip> > I also just tested EC keygen using certutil and EC SSL on both Gentoo > ($Header: NSS 3.12.4.5 Basic ECC Sep 28 2009 07:58:40 $) server and > OpenSuse 11.1. Both worked fine "out of the box".
Hi David. Gentoo's NSS package supports ECC because I asked them to enable it: http://bugs.gentoo.org/247221 I don't think it was ever a deliberate decision on their part to not enable it previously. They raised no objections to my request. Perhaps Fedora and other distros would also be happy to enable ECC by default in NSS if somebody would simply ask them to do so. A question for the NSS devs: Is there any reason why NSS couldn't be changed to assume "NSS_ENABLE_ECC=1" by default? > So to tie all this gibberish to the thread, the OP *shouldn't* need a > third party ECC library to do what he is attempting to do (as evidenced > by the Windows, Gentoo and OpenSUSE builds of NSS). > > I know I've had previous dealings with many of you before on this topic > and don't take this as complaining...just trying to put the info out > there and understand the what's and why's. I appreciate all the hard > work you do. > > Dave > > PS Nelson, I've been trying to email you directly and haven't been > getting any responses. > Rob Stradling Senior Research & Development Scientist C·O·M·O·D·O - Creating Trust Online Office Tel: +44.(0)1274.730505 Office Fax: +44.(0)1274.730909 www.comodo.com Comodo CA Limited, Registered in England No. 04058690 Registered Office: 3rd Floor, 26 Office Village, Exchange Quay, Trafford Road, Salford, Manchester M5 3EQ This e-mail and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the sender by replying to the e-mail containing this attachment. Replies to this email may be monitored by Comodo for operational or business reasons. Whilst every endeavour is taken to ensure that e-mails are free from viruses, no liability can be accepted and the recipient is requested to use their own virus checking software. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
