[xmlsec] xmlsec-nss patches from Sun( 2003-07-22 )
Andrew.Fan at sun.com
Tue Jul 22 19:48:50 PDT 2003
Aleksey Sanin wrote:
> Well, I am not sure that "GetBestSlot" should be replaced on the xmlsec
> level. It seems to me that this is crypto library (NSS) job. I wonder
> what Tej
> thinks about that.
NSS has provided a set of functions to do the jobs. "GetBestSlot" is a
preferable function in some situation, such as one crypto device
environment. "GetBestSlot" provide the simplest way for simple
application such as mail and ssl. I think, xmlSec will not only run in a
so simple environment. One day, xmlSec will run in a complex crypto
environment, such as a key management center or a distributed key
management system, in which there are so many smart card to read and
write, so many crypto machine and every crypto machine has more than one
tokens. "GetBestSlot" will select one from all of those tokens. NSS do
provides another set of functions operating in that environment, but it
is not "GetBestSlot". The new interfaces from the patch try to wrap
those functions into simple ones. So I still think it is valuable.
BTW, "GetBestSlot" also can work in the above complex envrionment if the
high level application adjust the behavior of NSS crypto modules. But it
will affect all of other crypto related applications besides xmlSec.
It's a bad choice, I think.
Anyway, I will respect you and Tej's viewpoints.
> Anyway, it would be great if you prepare a full diff. Much more simple to
> understand what is going on and how you are going to use these functions.
> Also I would appreciate if you can put comments with function
> I use automated API docs generation tools and this is very helpfull.
> Look at any xmlsec source file for examples.
I'll do that.
>>> Hi, Andrew!
>>> I got the new files but I think your forgot to attach diffs for
>>> existing files.
>>> Because right now these are just standalone files and nobody uses
>>> them :)
>> I want to patch the branch step by step. If you agree that the new
>> interfaces can take the place of "PK11_GetBestSlot" in other files.
>> I'll modify them like pkikeys.c. Because they're standalone files,
>> so I think there is no diffs. :-)
>> Today, I'll patch other files and I'll provide the diffs. :-)
> xmlsec mailing list
> xmlsec at aleksey.com
More information about the xmlsec