diff --git a/src/libopensc/pkcs15-piv.c b/src/libopensc/pkcs15-piv.c
index ec58ba7b..a564d241 100644
--- a/src/libopensc/pkcs15-piv.c
+++ b/src/libopensc/pkcs15-piv.c
@@ -512,7 +512,7 @@ static int sc_pkcs15emu_piv_init(sc_pkcs15_card_t *p15card)
 		{ "3", "KEY MAN key", 
 				/*RSA*/SC_PKCS15_PRKEY_USAGE_DECRYPT | SC_PKCS15_PRKEY_USAGE_UNWRAP,
 				/*EC*/SC_PKCS15_PRKEY_USAGE_DERIVE,
-			"", 0x9D, "1", SC_PKCS15_CO_FLAG_PRIVATE, 1},
+			"", 0x9D, "1", SC_PKCS15_CO_FLAG_PRIVATE, 0},
 		{ "4", "CARD AUTH key", 
 				/*RSA*/SC_PKCS15_PRKEY_USAGE_SIGN |
 				SC_PKCS15_PRKEY_USAGE_SIGNRECOVER,
@@ -664,15 +664,17 @@ static int sc_pkcs15emu_piv_init(sc_pkcs15_card_t *p15card)
 		if (r < 0)
 			SC_FUNC_RETURN(card->ctx, SC_LOG_DEBUG_NORMAL, r);
 /* TODO
- * PIV keys 9C and 9D require the pin verify be done just befor any
- * crypto operation using these keys. 
+ * PIV key 9C requires the pin verify be done just before any
+ * crypto operation using the key. 
  * 
  * Nss 3.12.7 does not check the CKA_ALWAYS_AUTHENTICATE attribute of a key
  * and will do a C_FindObjects with only CKA_VALUE looking for a certificate
  * it had found earlier after c_Login. The template does not add CKA_TYPE=cert.
  * This will cause the card-piv to read all the objects and will reset
- * the security status for the 9C and 9D keys.
- * Mozilla Bug 457025 
+ * the security status for the 9C key.
+ * Mozilla Bug 357025 
+ * Mozilla Bug 613507
+ * on 5/16/2012, both scheduled for NSS 3.14 
  * 
  * We can not read all the objects, as some need the PIN!
  */