- From: Richard Barnes <rbarnes@bbn.com>
- Date: Fri, 17 Feb 2012 14:46:45 -0500
- To: Anders Rundgren <anders.rundgren@telia.com>
- Cc: Ron Garret <ron@flownet.com>, public-identity@w3.org
Signing, by definition, uses private keys, which are associated to X.509 certificates; you cannot, however, sign something with a certificate. To address your problem directly, there are a number of problems with signText(), mainly around the assumptions it makes: -- The signing key is implicit (the key corresponding the client certificate used to load the page? a smart card key?) -- The thing being signed is a DOMString, when it should be something like an ArrayBuffer Note that the latter fix would also address your concerns about digital signature formats. If you can sign octets, then you can implement PDF signing or XAdES. --Richard On Feb 17, 2012, at 2:15 PM, Anders Rundgren wrote: > On 2012-02-17 20:00, Ron Garret wrote: >> > <snip> >> It is possible that the solution to all our problems is simply to document signText. > > I just mentioned that there are a bunch of "standards" out there already. > > If I were to create a standard I would begin with researching these to see > if there is something worth stealing :-) > > https://github.com/daviddahl/domcrypt/blob/master/demos/demo.js#L47 > > I don't know how window.mozCipher.pk.sign works but signText(v1996) uses X.509 > certificates which I believe what is generally requested. > > Anders > > > > > I doubt it, but if you disagree the way to resolve the dispute is not to argue about it but to go write some documentation. >> >> rg >> >> >> > >
Received on Friday, 17 February 2012 19:47:18 UTC