On Wed, Jul 13, 2011 at 2:17 PM, James A. Donald <jam...@echeque.com> wrote: > On 2011-07-13 9:10 PM, Peter Gutmann wrote: >> >> As for Microsoft, Opera, etc who knows? (If you work on, or have worked >> on, >> any of these browsers, I'd like to hear more about why it hasn't been >> considered). I think it'll be a combination of two factors: >> >> 1. Everyone knows that passwords are insecure so it's not worth trying to >> do >> anything with them. >> >> 2. If you add failsafe mutual authentication via EKE to browsers, CAs >> become >> entirely redundant. > > Indeed, if EKE is implemented in the most straightforward way, any page or > data that can only be accessed while logged in, is securely encrypted even > if accessed over http. > > Free browsers are supported by CAs. EKE enabled browsers would only be > supported by people needing secure logins, which form a less concentrated > interest, therefore an interest less capable of providing public goods. I believe Mozilla is [in]directly supported by Google. Mozilla has made so much money, they nearly lost their tax exempt status: http://tech.slashdot.org/story/08/11/20/1327240/IRS-Looking-at-GoogleMozilla-Relationship.
I was also talking with a fellow who told me NSS is owned by Red Hat. While NSS is open source, the validated module is proprietary. I don't use NSS (and have no need to interop with the library), so I never looked into the relationship. Jeff _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography