Nelson B wrote:
> Florian Weimer wrote:
>> The universal client is not secure enough for most applications. As a
>> result, the purported non-repudiation part of such signing mechanisms
>> is potentially harmful to end users.
>
> Please elaborate.

I think what he means is that average computers today are so overrun by spyware and trojans that giving them a non-repudiatable way of authenticating transactions is actually a big risk to the user.

I've certainly heard this from banks in the UK. They are developing portable smart card readers where users have to type numbers into the machine from the screen and type numbers back into the computer from the reader, just so they can have a secure platform for authenticating transactions. They are bypassing the client entirely.

This, of course, is a usability nightmare. :-(

Gerv
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto