- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Tue, 23 Feb 2016 07:46:16 -0800
- To: Mitar <mmitar@gmail.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On 22 February 2016 at 21:42, Mitar <mmitar@gmail.com> wrote: >> You don't *need* a certificate to sign. WebCrypto is enough. > > You do. Because your certificate is signed by the state CA. And this > makes your digital signature legally equivalent to the normal > signature for almost any purpose. At least some countries in Europe > have such laws. You do not. The private key that you use to sign is not in a certificate. If the key pair that was used to generate the certificate is made available to WebCrypto, that is enough.
Received on Tuesday, 23 February 2016 15:46:48 UTC