Re: javascript crypto and smartcards

On 20 May 2011, at 00:06, Peter Williams wrote:

> most of our certs are issued by a CA, that claims not to be one.
>  
> The reason I reject some of the implementations is becuase they are just CAs (while pretending not to be such). I tend to object to word play.
>  
> A self-signed cert has the same issuer and subject name, and needs NO data other than that enclosed within the signed matieral to verify. Otherwise, its a CA-signed cert (even if one changes the name of the issuer from CA to foo).
>  
> The point about self-signed certs is that one needs no proeprty of others to verify ones cert. Otherwise, some website WILlc claim copyright of their public key, and impose governance rules on WHO can verify the "not-self-signed certs". 
>  
> This is known as a CA. A CA's PRIMARY DUTY is key management (not identification, and name binding).

The issue is a particular bug on Firefox. Perhaps it does not matter how the CA is signed... I did not look into it. If anyone knows.

>  
> 
>  
> > From: henry.story@bblfish.net
> > Date: Thu, 19 May 2011 23:43:29 +0200
> > To: public-xg-webid@w3.org
> > Subject: javascript crypto and smartcards
> > 
> > It's worth putting together a list of resources for people who would want
> > to use javascript to sign things using keys located either in the keystore
> > or in the a smartcard.
> > 
> > How to watch out for smartcard events:
> > https://developer.mozilla.org/en/javascript_crypto
> > 
> > A bug on how to use a key in the keychain to sign things:
> > https://bugzilla.mozilla.org/show_bug.cgi?id=403909
> > 
> > It does not work with self signed certs. But most of our certs
> > are signed by the signer of all self signers. Is that a problem?
> > 
> > Those are Mozilla specific. They might or might not work elsewhere. Is this
> > something that people would find useful to have standardised? Is it already
> > that far?
> > 
> > Henry
> > 
> > Social Web Architect
> > http://bblfish.net/
> > 
> > 

Social Web Architect
http://bblfish.net/