W3C home > Mailing lists > Public > public-xg-webid@w3.org > May 2011

RE: javascript crypto and smartcards

From: Peter Williams <home_pw@msn.com>
Date: Thu, 19 May 2011 15:06:47 -0700
Message-ID: <SNT143-w322106C90FA6BEEB078ADF928E0@phx.gbl>
To: <henry.story@bblfish.net>, "public-xg-webid@w3.org" <public-xg-webid@w3.org>

most of our certs are issued by a CA, that claims not to be one.
 
The reason I reject some of the implementations is becuase they are just CAs (while pretending not to be such). I tend to object to word play.
 
A self-signed cert has the same issuer and subject name, and needs NO data other than that enclosed within the signed matieral to verify. Otherwise, its a CA-signed cert (even if one changes the name of the issuer from CA to foo).
 
The point about self-signed certs is that one needs no proeprty of others to verify ones cert. Otherwise, some website WILlc claim copyright of their public key, and impose governance rules on WHO can verify the "not-self-signed certs". 
 
This is known as a CA. A CA's PRIMARY DUTY is key management (not identification, and name binding).
 

 
> From: henry.story@bblfish.net
> Date: Thu, 19 May 2011 23:43:29 +0200
> To: public-xg-webid@w3.org
> Subject: javascript crypto and smartcards
> 
> It's worth putting together a list of resources for people who would want
> to use javascript to sign things using keys located either in the keystore
> or in the a smartcard.
> 
> How to watch out for smartcard events:
> https://developer.mozilla.org/en/javascript_crypto
> 
> A bug on how to use a key in the keychain to sign things:
> https://bugzilla.mozilla.org/show_bug.cgi?id=403909
> 
> It does not work with self signed certs. But most of our certs
> are signed by the signer of all self signers. Is that a problem?
> 
> Those are Mozilla specific. They might or might not work elsewhere. Is this
> something that people would find useful to have standardised? Is it already
> that far?
> 
> Henry
> 
> Social Web Architect
> http://bblfish.net/
> 
> 
 		 	   		  
Received on Thursday, 19 May 2011 22:07:17 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 19 May 2011 22:07:18 GMT