[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Transaction PKI -The Browser Plugin "Silver Bullet"
Anders R wrote:
> http://www.arcot.com/docs/SAFE_TPOC_FS.pdf shows a carbon copy of what I
> have suggested as a suitable scheme for Transaction PKI. > Arshad responded: This architecture uses a plug-in. Our goal is to avoid
the use of a plug-in. Stephen wrote (in an earlier
message):
B. For client side PKI ... I got the
impression from your thread gentlemen that Anders' proposed method has an
extension where client side private keys are also accommodated. But Arshad
wishes to avoid extra plug-ins etc. I would agree.
But Arcot, the maybe 50 other vendors of web
signature SW, and myself for some reason have concluded (based on
the actual offerings), that the only way you can do web
signing using existing browsers[1], is by adding some kind of
browser extension usually in the form of an ActiveX control or Java applet
plugin.
Apparently the Application Guidelines SC have found
a "silver bullet" which the rest of the industry in spite of years of hard work
have not managed to do. Could you guys please enlighten us less
gifted souls a bit?
Note that XML Signature code has been available for
at least three years, and is thus not related to the fundamental problem (the
deliberately restrictive browser security model), referred to in
this posting.
regards
Anders Rundgren
Principal Engineer
RSA Security
1] To be fully correct: Mozilla
FireFox indeed supports a native, non-standard, and rather primtive
JavaScript signature function known as "signText()"
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]