Anders Rundgren wrote re USSI and browser digital signature schemes:
The NDA situation is indeed very bad for progress.
Then the question who is going to standardize such a thing?
ITU does not really deal with browsers, this seems to be more a W3C,
OASIS or IETF type of activity.
Note that the W3C previously had a working group on XML signatures:
http://www.w3.org/Signature/
but as far as I know none of that work was reflected in Mozilla-related
products.
There is also a new W3C group that is looking at browser authentication
issues:
http://www.w3.org/2005/Security/usability-ws/
with Mike Shaver representing the Mozilla Corporation and (by extension)
the Mozilla project on that group. This group may include in its scope
looking at SSL UI issues like those I've previously posted and blogged
about.
In my opinion there are other parts of the browser PKI support that may
need an overhaul, like on-line key gen and certification.
I don't disagree, the problem is going to be finding people and/or
organizations to work on these issues. As a Mozilla Foundation
representative I'd be glad to try to put you in touch with people at the
Mozilla Corporation or elsewhere who might be interested in these
issues, but I can't command the Corporation or Mozilla/NSS developers in
general to actually implement anything.
Frank
--
Frank Hecker
[EMAIL PROTECTED]
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
