canmove, Confirmed users
937
edits
Talk:NSS Shared DB: Difference between revisions
Jump to navigation
Jump to search
no edit summary
No edit summary |
|||
| Line 1: | Line 1: | ||
== Other issues with the current NSS database scheme == | |||
1. If the databases are corrupted, NSS malfunctions and our users don't know how to recover from bad database errors. | |||
== Review input required: is there a preference between a single DB file or separate key and cert DB files? == | == Review input required: is there a preference between a single DB file or separate key and cert DB files? == | ||
| Line 16: | Line 20: | ||
3. (Your response could go here) | 3. (Your response could go here) | ||
== Suggested changes for PKCS #5 PBE == | |||
1. Use a larger iteration count. It is [http://www.drh-consultancy.demon.co.uk/key3.html publicly known] that we use a low iteration count now. | |||
2. Use the standard PBKDF2 rather than our extension of PBKDF1 (PBKDF1Extended). | |||
3. Remember to perform integrity check (MAC) on the private attributes. | |||
== Comments on the proposed keywords == | |||
I suggest using '''sqlite:''' instead of '''sql:'''. | |||
== Review input required: Accessing the shared Database: which default would you prefer? == | == Review input required: Accessing the shared Database: which default would you prefer? == | ||
| Line 21: | Line 37: | ||
- (Your response could go here) | - (Your response could go here) | ||
== Comments on secmod.db == | |||
Steve Parkinson suggested that we replace secmod.db with a directory of text files, with one file for each PKCS #11 module. Then the records for different PKCS #11 modules can be easily added or modified independently. | |||
== Review Input Requested: Should we 'mark' old cert8/key3 databases as having been used to upgrade the shared database? == | == Review Input Requested: Should we 'mark' old cert8/key3 databases as having been used to upgrade the shared database? == | ||