[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: agsc-tpki-requirements.txt - Plugins
|
"3) The signing capability must be native in
the browser; i.e.
there must be no downloaded applets or locally installed plug-ins. Just as the browser natively performs crypto operations to establish an SSL/TLS session, it must so perform the signing/verification of the form-content in the transaction. The encryption/decryption capabilities must be native to the browser too;" That this is the long-term goal I believe nobody
could question. However, there is a voyage in between...
Assuming that the must in the first line should be
interpreted as an RFC-compliant MUST, this
precludes the use of locally installed
extensions (plugins) as a means to introduce, test, and, verify new functionality, before browser vendors
would include this code themselves.
If my interpretation above is correct, this requirement will be invalidated the very first day somebody commits to something practical. Even the browser vendors, would never even think about rolling out a really complicated thing as anything but as an extension (unless if it is not necessary due to internal changes in the browser). The final integration and QA could take 1-2 years to perform. Due to these considerations, I suggest that the
requirement document is updated by adding "long-term goal" to the existing
section.
BTW, please add a -00 to the file
name in case there would be an update. Versioning is
crucial.
Anders Rundgren
|
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]