Anders Rundgren wrote:
Ian,
For me at least secure messaging means authenticated messaging as well.
Sure, your choice. For me, security is an overall economic equation.
Sometimes this suggests security as unauthenticated, encrypted
messaging, sometimes not :)
Here is the current Firefox solution to certificate distribution.
http://demo.webpki.org/mozkeygen
OK, that's nice! How does it authenticate from browser to CA? I guess
as Javascript downloaded it can include any cert if needs to talk to on
the server end? Is there a protocol from javascript to CA?
Or is there no need for comms-auth in that the javascript can check that
the signature over the new cert is validly as expected?
I notice the javascript doesn't insert the root key into the Authorities
list. Is that a choice, ommission, bug, anti-bug?
iang
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto