[xmlsec] another nss patch

Tej Arora tejbiz at aol.com
Thu Jul 24 09:24:39 PDT 2003

Andrew Fan wrote:

 > Now every thing seems clear and clean. We use NSS slot and certificate
 > database. And they are the only two open thing that shared with user on
 > top of NSS. User can control slot and certDB in order to get what he
 > want. So we can design a key manager with preferences slot list( if slot
 > list used) and CertDB. Finding every external key from a slot, and
 > importing every iternal created key into a slot, importing every
 > internal certificated read from xml document inot CertDB, and validating
 > every certificate in a certain certDB. XmlSec do not care how to build a
 > slot list and how to manage certDB, users will admin those by
 > themselves. That's what I think about.
 > Andrew


Everything you mentioned above, except the preferences slot list,
is already there in the code checked in.
a) the NSS db IS the cert, crl and key store
b) all certs/keys loaded from external sources (xml doc, file)
are loaded into the NSS db (as temporary objects, except crls
which become permanent objects)
c) users can admin certs/keys/crls directly in/out of nss db
and xmlsec app doesn't have to deal with it if it doesn't
want to


More information about the xmlsec mailing list