Hi,

> Nit: PKCS #11 is not a networked API, but implementations can access remote
> devices.
>
> That's how remote HSMs are usually used, right?

Some HSMs are network connected, in which case the PKCS #11 API will conceal a remote connection. Other HSMs are plug-in cards for a system bus like PCI or USB.

> > how the user "select the key container". In other words: how I select my
> > certificate and not the one from my neighbours?
>
> * CKA_ID and/or CKA_LABEL attributes
> * multiple slots / tokens, sometimes called "partitions" of your HSM
>
> I know PKCS#11 internals, and I know how I can (as developer) select a cert,
> but still can't see how this is done in a "transparent" browser.
> The browser requests GetSlotList (so every slot should be returned) and all
> certificates are shown?

All those that are visible to the authenticating user and in the slot/token that you set up.

> I don't know if you see my point: how to link "account" with partition?

By configuring its token name in the browser, and/or by access control. I am not sure if / how browsers will let you specify the token though.

-Rick