TGOS wrote:
TGOS, it's enough. You recieved more individual help here than I usually get when I try to fix Mozilla bugs/features. You are not glad about that, but continue to flame the Mozilla/Netscape developers.Written on Mozilla.org (somewhere in the shameful little documentation about PSM or NSS).
And if *you* expect to be taken serious, then follow the charter of the newsgroups you post to. Which would have meant to post with (real) name and email address. This was pointed out to you, but you ignored it.
I wonder how the Mozilla profiles get on that platform, but anyways: You probably know that NSS runs pretty much on all desktop and server platforms in existance. I don't think your washing machine needs to read your Mozilla password file.No, I don't want to write software that depends on some external library to be present (which may not even exist for the platform it will run later on)
Libraries don't need root priviledges to work. You can install them aside to your binary, no uninstall hassles involved. In fact, you might even be able to link it statically.because one would need root privileges to add the library which a user just may not have, etc.)
What if I want to write the code in JavaScript and use a HTML page as GUI?
Aha aha ahaaa. JavaScript, HTML page. I smell something.
Every platform I know that offers "a modern browser" can run NSS. Often, Mozilla is exactly that modern browser, the only one.I think no scripting language has a better cross-platform support as every platform that offers a modern browser can execute JavaScript.
First, it seems to me that you are contradicting yourself here. You wrote beforeYou're assuming the intent is to give people access to the data.Yes. This is MY DATA. These are MY PASSWORDS. And, OMG, believe it or not, I want to have access to MY DATA.
"So PGP mails are only secure if you can always keep the key file (that contains your private keys) secure, which is not the case if it's stored on HD (a Trojan could access it easily)."
Ignoring for now that if you have a trojan onboard, you are lost *anyways*. You appearantly want your data protected from that trojan, but not from your self-written script (where does it run from? a webpage?). Where is the difference, technically?
(Consider dictionary attacks on passwords and the fact that the vast majority of Mozilla users doesn't have a master password. - Sorry, if I mixed something up here, but I didn't follow the whole thread.)
Second: No, the passwords Mozilla stores for you are not your "data". They are more in a cache. You are supposed to keep track of your usernames/passwords somewhere else. This feature is only for convience, to save you the repeated typing. Mozilla cannot garantee the level of data security that would be needed to savely keep the only instance of your online identity.
Keep the master database of your passwords in a PGP-encrypted file or whereever. (Or tell the user to do so.) Which should also pretty much end this discussion.
Where does the site state that OIDs apply to S/MIME only?the fact that you didn't bother to do a careful search on what OIDs are is pretty indicative, imo.Tell this the webmaster of Mozilla.org
Maybe a trivial, obvious Google search would help you? <http://www.google.com/search?q=site:mozilla.org+OID>
Or the search function of the site itself? <http://www.mozilla.org/htdig-cgi/htsearch?words=OID>
