[xmlsec] xmlsec-nss patches from Sun( 2003-07-22 )

Andrew Fan Andrew.Fan at sun.com
Tue Jul 22 19:48:50 PDT 2003

Aleksey Sanin wrote:

> Well, I am not sure that "GetBestSlot" should be replaced on the xmlsec
> level. It seems to me that this is crypto library (NSS) job. I wonder 
> what Tej
> thinks about that.

NSS has provided a set of functions to do the jobs. "GetBestSlot" is a 
preferable function in some situation, such as one crypto device 
environment. "GetBestSlot" provide the simplest way for simple 
application such as mail and ssl. I think, xmlSec will not only run in a 
so simple environment. One day, xmlSec will run in a complex crypto 
environment, such as a key management center or a distributed key 
management system, in which there are so many smart card to read and 
write, so many crypto machine and every crypto machine has more than one 
tokens. "GetBestSlot" will select one from all of those tokens. NSS do 
provides another set of functions operating in that environment, but it 
is not "GetBestSlot".  The new interfaces from the patch try to wrap 
those functions into simple ones. So I still think it is valuable.

BTW, "GetBestSlot" also can work in the above complex envrionment if the 
high level application adjust the behavior of NSS crypto modules. But it 
will affect all of other crypto related applications besides xmlSec. 
It's a bad choice, I think.

Anyway, I will respect you and Tej's viewpoints.

> Anyway, it would be great if you prepare a full diff. Much more simple to
> understand what is going on and how you are going to use these functions.
> Also I would appreciate if you can put comments with function 
> description.
> I use automated API docs generation tools and this is very helpfull.
> Look at any xmlsec source file for examples.

I'll do that.

> Thanks,
> Aleksey
>>> Hi, Andrew!
>>> I got the new files but I think your forgot to attach diffs for 
>>> existing files.
>>> Because right now these are just standalone files and nobody uses 
>>> them :)
>> I want to patch the branch step by step. If you agree that the new 
>> interfaces can take the place of "PK11_GetBestSlot" in other files. 
>> I'll modify them like pkikeys.c.  Because they're standalone files, 
>> so I think there is no diffs. :-)
>> Today, I'll patch other files and I'll provide the diffs. :-)
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list