For the last little while I've been working on p11-kit, and integrating it into various projects across the open source community.
http://p11-glue.freedesktop.org/p11-kit.html One of the main issues it tries to solve, is that of a standard configuration/registry for PKCS#11 modules. This has several benefits: * A package that installs a PKCS#11 module can install config file which allows it to be automatically detected by other apps (whether or not they enable it automatically). * A system configuration which can be overridden by the user. So that a sysadmin can install a PKCS#11 module for all users. * Optional lockdown of module config, where users can't trivially modify which PKCS#11 modules are loaded across the Desktop. The documentation format is documented here: http://p11-glue.freedesktop.org/doc/p11-kit/config.html I'd love to help make it possible for NSS to use this config system as well (along side its current setup). I believe the config system as designed is flexible enough to handle NSS's special needs, and I've looked over the pkcs11.txt style configuration while developing this. But since we're in the early stages of finalizing p11-kit, it'd be great to hear any areas where the config stuff falls short. Cheers, Stef -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto