[...] Enforcing cert/PKCS11 cleanliness is not a costless choice, personally I'd rather have a whole bunch of flakey chains and people using them to send emails that are at least encrypted than to not grant access to crypto tech [...]
Sorry, but if the chain is flakey, then the crypto tech doesn't deliver what it promises, and if people begin to really trust and make use of it, then it wont be long before it's abused.
And once it has been abused, it will never regain user's confidence, just like the abuses with Active X have ruined user's confidence, whatever step are taken now to secure them.
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
