Perry Metzger wrote:
>Some parts of this description make me nervous. Why are PRIVATE keys
>being stored on a server, for instance?
It's still hard to give applets access to client-side data in a secure and
browser-independent way, but obviously this would be a great improvement.
>Why use SSL to send keys when you could use SSL to just send the data?
I think it's because the crypto library they are using (Cryptix) doesn't do
SSL yet ;) I presume the applet and its startup parameters can be transferred
over SSL by the browser, but the applet can't use that SSL pipe itself.
Ian
