On 10 September 2013 11:36, Ted Lemon <ted.le...@nominum.com> wrote: > So I run Javascript provided by Comodo to generate the key pair. This means > that my security depends on my willingness and ability to read possibly > obfuscated Javascript to make sure that it only uploads the public half of > the key pair.
It's actually far worse than that when you consider the inherent mutability of JavaScript. The WebCrypto API should go a long way to addressing your concerns though.