[Fedora-directory-devel] coolkey information and license

Andreas Jellinghaus aj at dungeon.inka.de
Wed Aug 27 07:03:25 UTC 2008 

Hi,

first some question about coolkey:
is the windows CSP coolkey specific, or is it (as it looks from many miles 
away) a generic CSP to PKCS#11 bridge?

the csp code mentions Identity alliance all over the place - is this the
ID Ally CSP now open sourced? (it worked always fine for me, so an
open source release labed as coolkey would be great).

The fedora directory server wiki page on coolkey doesn't have too many
details on what each component exactly does / how it is implemented.

For example:
 - the windows CSP: generic or tied to the coolkey pkcs#11 module?
 - the java card applet: generic or only working on cyberflex cards?
   how is it uploaded? with gpshell? maybe include instructions for
   doing this, or refer to some tutorial?
 - the java card applet: what API does it implement? I guess not a
   filesystem with pkcs#15 structures, but some proprietory simple api?
 - is the source code of the java card applet open source too? where
   can people find it?
 - how is the card managed with this applet? e.g. does it implement
   a single user or a security officer plus normal user combo?
   or is it flexible to do both?
 - the windows makefile: what build environment for windows does it
   expect? (oops, found the wiki page with the windows build instructions,
   thanks, solved)
 - what is the job of the "cspres.dll"?
 - what is the job of th "regcerts.exe"? when/how does a user need to
   start it?
 - does the pk11install.c work with all versions of mozilla firefox,
   thunderbird and netscape? if so, it would be very interesting for
   other projects with pkcs#11 modules too. what does it exactly?
   (modify config file? databases? ...) is it important to have firefox etc.
   running? or to have it not running? etc.
 - the ChangeLog file is mentioned in the spec file - thus I guess it gets
   included in the rpm? this is not needed (the file is empty)
 - the coolkey.spec sets the license to LGPL which is not 100% correct
   (see below)
 - the coolkey.spec file uses "PKCS#11" without mentioning 
   "RSA Security Inc. Public-Key Cryptography Standards (PKCS)"
    which could be a license violation (see below)
 - the pkcs11.h file has a different license clause than the usual file.
   I wonder where you got this, did RSA ever released a file with the
   spelling error "In.c"?

last the license: some web sites assume the software is LGPL. but the
PKCS#11 header files used - even the copy from mozilla source - is
not, it includes the RSA disclaimour, which is similar to the BSD advertising
clause, but worse because of its very vague formulation ("all material" etc.).

Scute has a PKCS#11 header file written from scratch by using public 
information thus not tainted by any RSA license. opensc and a number
of other open source projects switched to using this header file (released
as public domain). maybe this is a viable solution for coolkey too?

(same pkcs#11 header files in coolkey and the windows/csp directory.)

Regards, Andreas

More information about the 389-devel mailing list