Yesterday thoughts:
Some policies say "Before signing, a preview of what is going to be
signed must be shown to the user".
If we use something like:
signedData=sign(key,dataToBeSigned)
this could show, for example, a pdf preview of what is being signed.
I love that idea, but what if i actually want to sign a bunch of documents?
for(i=0;iz10;i++){
signedData=sign(key,dataToBeSigned[i])
}
will show 10 previews, and thats horrible.
What about using another API instead?
signInit(key) //key to sign
signAdd(data) //one call for each document to be signed in this block
signFinal() //show a single preview for all documents in this
block and do signing (of approved/selected)
there could be also a sign wrapper like:
sign(key,data){
signInit(key)
signAdd(data)
signFinel() //preview & sign
}
BTW: i also realized that server signature validation requires public
key, so privacy issues relating public key are impossible to avoid.
Open to critics, comments and suggests, and a happy monday to all!
--
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
