Duane,
Thanx for your comment.

>I'm not sure if it's a suitable alternative, but one of the
>authentication schemes built into browsers etc, allows you to
>authenticate to websites via x509 client certificates, and you don't
>need to have any modifications made to browser or server software to
>achieve it.

Unfortunately not all service providers put an equal-sign between authentication and digital signatures. Although a digital signature is in this context essentially "a better OK button", the process is in fact somewhat stronger as:

1. There is (should IMHO be at least) a standardized user experience
2. There is a cryptographic binding between the user's key/cert and the shown & signed document (as well as some other properties)

Such SW (including consulting), yearly sells for hundreds of millions of dollars so there are some who want this badly.

The to date by far most ambitious effort is run by the Austrian government: http://www.buergerkarte.at
They though left the browser out completely and instead rely on a local web-server + smart card application + http redirects.

Other known WebSign efforts to date:
Denmark: http://www.openoces.org
Estonia: http://www.openxades.org

regards
Anders

----- Original Message -----
From: "Duane" <[EMAIL PROTECTED]>
Newsgroups: netscape.public.mozilla.crypto
To: <[email protected]>
Sent: Tuesday, May 10, 2005 14:33
Subject: Re: Missing in FireFox: WebSigning

Anders Rundgren wrote:
> Hi Crypto-Mozillians,
>
> I wonder if any of you guys have any interests in making Mozilla
> setting the standard for on-line signing (a.k.a. WebSign)?

I'm not sure if it's a suitable alternative, but one of the authentication schemes built into browsers etc, allows you to authenticate to websites via x509 client certificates, and you don't need to have any modifications made to browser or server software to achieve it.

We use this method verified against our root certificate + trapping the certificate serial number (which we can match against our internal database) to allow people to log into our website without needing a password.

Ideally if you used some kind of pin number in conjunction with removable hardware this is a better option as you reduce risks etc...

Sample of php code can be found on our website that utilises this feature.

--
Best regards,
Duane

http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://happysnapper.com.au - Sell your photos over the net!
http://e164.org - Using Enum.164 to interconnect asterisk servers

"In the long run the pessimist may be proved right, but the optimist has a better time on the trip."
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
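
The password-less login described in the quoted message (certificate verified against the site's root, serial number matched against an internal database), sketched as an added example that is not part of the thread and is not CAcert's own sample code. It assumes Apache mod_ssl with `SSLOptions +StdEnvVars`; the issuer DN, the `$accounts` map, the account name and both function names are hypothetical.

```php
<?php
// Added illustration, not code from the thread. Assumes mod_ssl exports its
// standard variables into $_SERVER (SSLOptions +StdEnvVars).

// Hypothetical issuer DN (constructed; the DN string format depends on the
// server's configuration, so copy it from a real request when adapting).
const TRUSTED_ISSUER = 'CN=Example Root CA,O=Example Org';

// Serials arrive as hex text; normalise case and leading zeros so that
// "00a1b2" and "A1B2" refer to the same certificate.
function normalise_serial(string $hex): ?string
{
    $hex = strtoupper(trim($hex));
    if ($hex === '' || !ctype_xdigit($hex)) {
        return null;
    }
    $hex = ltrim($hex, '0');
    return $hex === '' ? '0' : $hex;
}

// Returns the account for the presented certificate, or null to refuse.
// A serial is unique only within one issuer, so the key is issuer + serial.
function login_from_client_cert(array $server, array $accounts): ?string
{
    // SSL_CLIENT_VERIFY is SUCCESS only when the chain validated against the
    // configured CA; NONE, GENEROUS and FAILED:<reason> are all refused.
    if (($server['SSL_CLIENT_VERIFY'] ?? 'NONE') !== 'SUCCESS') {
        return null;
    }
    $issuer = $server['SSL_CLIENT_I_DN'] ?? '';
    $serial = normalise_serial($server['SSL_CLIENT_M_SERIAL'] ?? '');
    if ($issuer !== TRUSTED_ISSUER || $serial === null) {
        return null;
    }
    return $accounts[$issuer . '|' . $serial] ?? null;
}

// Constructed sample data standing in for the internal database and $_SERVER.
$accounts = [TRUSTED_ISSUER . '|A1B2' => 'alice'];
$request  = [
    'SSL_CLIENT_VERIFY'   => 'SUCCESS',
    'SSL_CLIENT_I_DN'     => TRUSTED_ISSUER,
    'SSL_CLIENT_M_SERIAL' => '00a1b2',
];
var_dump(login_from_client_cert($request, $accounts)); // verified, known serial

$request['SSL_CLIENT_VERIFY'] = 'FAILED:certificate has expired';
var_dump(login_from_client_cert($request, $accounts)); // same cert, failed check
```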
