Re: Using client certificates for signing

From: Martin Thomson <martin.thomson@gmail.com>
Date: Tue, 23 Feb 2016 07:46:16 -0800
Message-ID: <CABkgnnVnBW82cE8s54jt_tkjLOTa21TF296N82MkR3WiC6KEtA@mail.gmail.com>
To: Mitar <mmitar@gmail.com>
Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>

On 22 February 2016 at 21:42, Mitar <mmitar@gmail.com> wrote:
>> You don't *need* a certificate to sign.  WebCrypto is enough.
>
> You do. Because your certificate is signed by the state CA. And this
> makes your digital signature legally equivalent to the normal
> signature for almost any purpose. At least some countries in Europe
> have such laws.


You do not.  The private key that you use to sign is not in a
certificate.  If the key pair that was used to generate the
certificate is made available to WebCrypto, that is enough.

Received on Tuesday, 23 February 2016 15:46:48 UTC