Domů Procházet Nápověda
Přihlásit se
fphammerle
/
scute
1
0
Rozštěpit 0
Soubory Úkoly 0 Pull Requesty 0 Wiki
Strom: b80a85ece8
Větve Značky
scute
/
TODO

TODO 3.8 KB
Historie Surový

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182 
  1. * Manual:
    2. 

  2. ** Some FIXME's which need attention.
    3. 

  3. ** The pictures in PDF output are blurry.
    4. 

  4. ** The pictures in info output do not exist.
    5. 

  5. 

  6. * Bugs or misfeatures:
    7. 

  7. ** Mozilla presents the other certificates in "Websites".  Only the
    8. 

  8.    first one is presented in the certicate manager under "Personal".
    9. 

  9. ** Mozilla does not unload the right security token!!!
    10. 

  10. ** Duplicate certificates should be removed from the object list (this
    11. 

  11.    can occur when including all certificate chains).
    12. 

  12. ** Windows: Find thread-safe replacement for localtime_r and timegm.
    13. 

  13. 

  14. * Missing features:
    15. 

  15. ** Implement random number generation function C_GenerateRandom.
    16. 

  16. ** Add canonical gnupg logging module.
    17. 

  17. ** Mozilla ignores the CKA_TRUSTED attribute to certificates, so
    18. 

  18.    exporting the information from GPGSM (ISTRUSTED) will not be
    19. 

  19.    useful.  It's unclear if this can be improved in a meaningful way.
    20. 

  20. 

  21. * Could be done better:
    22. 

  22. ** Search for grip/fingerprint directly instead iterating over all
    23. 

  23.    keys with GPGSM?
    24. 

  24. 

  25. * Standard ambiguities, or non-conformance in the applications:
    26. 

  26. ** If the token is removed, the current sessions are closed.  If then
    27. 

  27.    a new token is inserted, and the application calls C_OpenSession, a
    28. 

  28.    previously used session handle may be reused.  It is not clear what
    29. 

  29.    behaviour the standard specifies in this case.
    30. 

  30. 

  31. ** Mozilla NSS has this comment (and relies on the assumption):
    32. 

  32.   "check to see if the module has added new slots. PKCS 11 v2.20
    33. 

  33.   allows for modules to add new slots, but never remove them. Slots
    34. 

  34.   cannot be added between a call to C_GetSlotLlist(Flag, NULL,
    35. 

  35.   &count) and the subsequent C_GetSlotList(flag, &data, &count) so
    36. 

  36.   that the array doesn't accidently grow on the caller. It is
    37. 

  37.   permissible for the slots to increase between successive calls with
    38. 

  38.   NULL to get the size."
    39. 

  39. 

  40.   My reading of the spec is quite different.  I do not think it does
    41. 

  41.   say that the slot list can not shrink, at least it does not say
    42. 

  42.   explicitely.  Maybe it is a tacit assumption, because the interface
    43. 

  43.   is obviously broken if the list shrinks.  However, the spec says:
    44. 

  44. 

  45.   "All slots which C_GetSlotList reports must be able to be queried as
    46. 

  46.   valid slots by C_GetSlotInfo. Furthermore, the set of slots
    47. 

  47.   accessible through a Cryptoki library is checked at the time that
    48. 

  48.   C_GetSlotList, for list length prediction (NULL pSlotList argument)
    49. 

  49.   is called. If an application calls C_GetSlotList with a non-NULL
    50. 

  50.   pSlotList, and then the user adds or removes a hardware device, the
    51. 

  51.   changed slot list will only be visible and effective if
    52. 

  52.   C_GetSlotList is called again with NULL. Even if C_GetSlotList is
    53. 

  53.   successfully called this way, it may or may not be the case that
    54. 

  54.   the changed slot list will be successfully recognized depending on
    55. 

  55.   the library implementation. On some platforms, or earlier PKCS11
    56. 

  56.   compliant libraries, it may be necessary to successfully call
    57. 

  57.   C_Initialize or to restart the entire system."
    58. 

  58. 

  59.   Note the phrase "user adds or removes a hardware device" and "the
    60. 

  60.   changed slot list".  This implies that removal of a hardware device
    61. 

  61.   could lead to a shrinking slot list.  If this is true, then the note
    62. 

  62.   in the NSS code is incorrect, and the NSS code will break if a
    63. 

  63.   driver shrinks the slot list.
    64. 

  64. 

  65.   However, as long as the assumption is made, we have to comply.
    66. 

  66. 

  67. * Website:
    68. 

  68. ** Border picture does not tile vertically.
    69. 

  69. ** Border picture width constant hard-coded in CSS.
    70. 

  70. ** Nimbus font in logo SVG may not be available on all clients.
    71. 

  71. 

  72. 

  73. Copyright 2006 g10 Code GmbH
    74. 

  74. 

  75. This file is free software; as a special exception the author gives
    76. 

  76. unlimited permission to copy and/or distribute it, with or without
    77. 

  77. modifications, as long as this notice is preserved.
    78. 

  78. 

  79. This file is distributed in the hope that it will be useful, but
    80. 

  80. WITHOUT ANY WARRANTY, to the extent permitted by law; without even the
    81. 

  81. implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
    82. 

  82. PURPOSE.
    83.