On 1/23/06, Nelson B <[EMAIL PROTECTED]> wrote:
> AFAIK, *NONE* of the groups named above has *EVER* contacted the
> developers of mozilla's crypto code (NSS and PSM) about this.
> Just last month, we learned about the South Korean government's efforts,
> not from that government, but from some South Korean users (IINM).
>
> I strongly suspect that these groups have never approached ANY browser
> vendor.  I doubt they approached Microsoft either.  Many of these groups
> have written their own ActiveX controls for MSIE, but have stopped short
> of writing plugins/extensions for mozilla browsers.
>
> If the browser vendors are unaware of those efforts, it is because those
> groups did not inform the vendors.  IMO, it's not very bright for those
> groups to design a plan that depends on integration with certain browser
> products, and then never initiate the integration with those products.
>
> I think many of those governments are accustomed to their citizens
> following every move they make, and they forget that browser vendors
> in other countries aren't subject to them and don't monitor them.
>
> AFAIK, today, each of those groups named above has designed their own
> solution that is not interoperable with any of the others.  IMO, there's
> no way that mozilla is going to implement 15 different countries' ideas
> of how to do "web signing".  Perhaps they should get together and start
> to form a true standard regarding this.  But they shouldn't expect that
> browser vendors (whom they've never contacted) will do that for them, IMO.
>
> If one of them wants to *contribute* open source to mozilla, such a
> contribution would be seriously considered, I think.

The problem is that international standards are formalized by the ITU,
and this would be in the X.500 or X.600 series of documents.  As far
as I can tell, no such standard exists.  I'm very leery of
implementing any web-signing system until such a standard exists.

Incidentally, I'm told that USSI requires a non-disclosure agreement
to get a look at the specifications -- which makes it completely
unsuitable as a strong-authentication protocol that can be implemented
by the layman and forged by the open-source model.

-Kyle H
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
