Re: gnome-keyring PKCS#11 config file /etc/xdg/pkcs11.conf[.defaults]
- From: Stef Walter <stefw collabora co uk>
- To: Nikos Mavrogiannopoulos <n mavrogiannopoulos gmail com>
- Cc: Dan Winship <danw gnome org>, "gnome-keyring-list gnome org" <gnome-keyring-list gnome org>
- Subject: Re: gnome-keyring PKCS#11 config file /etc/xdg/pkcs11.conf[.defaults]
- Date: Thu, 06 Jan 2011 07:09:06 -0800
On 12/22/2010 11:44 AM, Nikos Mavrogiannopoulos wrote:
> On 12/22/2010 07:41 PM, Stef Walter wrote:
>> Interesting. Well I was referring to use of the actual module path in
>> the URI. This would provide an airtight link between the URI and the
>> module that we actually want to use for the trust assertions. Do the
>> library-manufacturer, library-description and library-version URI
>> arguments provide the same hard to spoof connection between the URI
>> and the module?
>
> Given that we are not considering malicious modules being loaded, then
> they can be made to. It is the information from CK_INFO structure
> provided by each module and if each module/library provides sensible
> information, those can be used to distinguish between them.
Okay. I've now implemented support for library-description and
library-manufacturer in libgck, and am using them in the default
configuration file.
Cheers,
Stef
[Date Prev][
Date Next] [Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
