good to speak about this - loud.
Currently I'm investigating Suns "Web Start". It is now included in J2SE 1.4.1_02. If it could live up to its promise you're able to install "browser independent plugins". This way you're able to surpass incompatibilities.
However one thing is missing though: For code signing purposes we need an independent trustworthy authority that signes keys if you are able to make the case that you are you. This service has to be free, sponsored by UN or worldbank.org, CCITT, SEI, nonprofit-internet-centers or so and controlled by some proven (as much as possible) CIA free commission.
I would appreciate to hear about such initiatives.
Rolf
Anders Rundgren wrote:
Please respond by e-mail in case you have a comment to the following.
Web (browser) PKI Standards - A study ----------------------------------------------
I have on behalf of a client, taken the liberty to investigate the state of client-side PKI support in web-browsers with respect to standards and interoperability. There were several reasons for performing this study, and a major such was that we have found that none of the pretty large Nordic e-government initiatives and on-line banks, actually use the browsers' built-in client-side PKI mechanisms at all, most of them rather rely on Java applets developed by various ISVs. The reason for this is very obvious:
============================================= Practically every aspect of client-side Web-PKI, ranging from on-line key generation and certification support to on-line (web-form) signing, is currently entirely vendor-dependent =============================================
Assuming that there will be billions of users of Web-PKI in a few years from now (here adding the crowd likely to use "The Mobile Internet"), it seems that there are quite a few things that need to be fixed.
Regards Anders Rundgren Independent Consultant, PKI and e-business + 46 70 627 74 37 (on CET)
_______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
