Dear Firefox Developers, I understand that this should be the right place to ask:
Using Firefox we would like to generate Thawte X.509 E-Mail Certificates. When generating the Private/Public key pair using Firefox as well as requesting the certificate, we are logged in on the Thawte Website. *Our security relevant question:* Which data is transmitted to Thawte during the Private/Public key pair and certificate generation process using Firefox (and Thawte) ? *Does Firefox send to Thawte any form of "private" key during this process, or not ?* If the private key was transmitted to Thawte, in theory a Thawte staff member –would he gain access to the private key at thawte- could decrypt emails encrypted by us, or sign an email in our names … We would be happy to understand better the key and certificate generation process using Firefox (and Thawte), considering the security critical point mentioned above. Thank you in advance, Proud Firefox users
_______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto