OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.


Help: OASIS Mailing Lists Help | MarkMail Help

pki-guidelines message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: agsc-tpki-requirements.txt - Plugins

"3) The signing capability must be native in the browser; i.e.
   there must be no downloaded applets or locally installed
   plug-ins.  Just as the browser natively performs crypto
   operations to establish an SSL/TLS session, it must so
   perform the signing/verification of the form-content in the
   transaction. The encryption/decryption capabilities must be
   native to the browser too;"
That this is the long-term goal I believe nobody could question.  However, there is a voyage in between...

Assuming that the must in the first line should be interpreted as an RFC-compliant MUST, this precludes the use of locally installed extensions (plugins) as a means to introduce, test, and, verify new functionality, before browser vendors would include this code themselves.

If my interpretation above is correct, this requirement will be invalidated the very first day somebody commits to something practical.  Even the browser vendors, would never even think about rolling out a really complicated thing as anything but as an extension (unless if it is not necessary due to internal changes in the browser).  The final integration and QA could take 1-2 years to perform.
Due to these considerations, I suggest that the requirement document is updated by adding "long-term goal" to the existing section.
BTW, please add a -00 to the file name in case there would be an update.  Versioning is crucial.
Anders Rundgren

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]