Gervase Markham wrote:
Ian G wrote:
What happens if IangInsidiousIssues sells
certs with the crit in it saying $100,000 but
inside the crit text, there is a caveat saying
that the limit only applies if spent in my
shop buying my goods?
There's crit text too? It's not just a monetary value?
As far as I understand it, what is inside the
extension packets is open, *by definition*,
and they may or may not be marked with a
critical bit.
The crit indicates that this additional
extension packet must be understood by the
code or the entire cert should be rejected.
That means the packet is a code+data
extension; there can be data, there could
be text, numbers, logos, there could also
be code in there that is extracted and run.
Conceptually, at least.
So the task for the Euro cert in question is
that someone has to write some *code* to
interpret the extension packet. Then, Mozilla
can "legally" interpret the packet, and present
it to the user. Otherwise it should reject.
Which it does now, so according to the writing
of the RFCs, Mozilla is following the letter of
them; whereas other browsers are not.
What planet are these guys on? What are we supposed to do, run it
through a web translation engine?
It certainly opens a can of worms. I asked
around for any experience of these things,
but got no answers on the cryptography
group.
iang
--
News and views on what matters in finance+crypto:
http://financialcryptography.com/
_______________________________________________
Mozilla-security mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-security
