Hi Martin, <snip> >About the web based digital signature thread - that's even not so >important. There are other cross-platform and cross-browser means for >getting digital signatures (activex, java, upi) via the preferred >itnerface (cryptoapi, cdsa, pkcs#11)
Although I'm biased, the current schemes are in fact all over the map with respect to: - Input format - Browser activation - User process - Output format - Signature format - Signature validation - Multiple signatures - Attachment support - Media support - Encryption support Total cost for signature client SW has in Sweden alone to date approached $40M. The absence of a standard have forced the governments to create costly intermediary services for handing signatures. In a commercial multi-CA environment targetting more than one platform, there is no way for a government to require this and that. In Estonia you have settled on smart cards which simplifies _some_ decisions. However, in Scandinavia "we" have settled on soft certificates and then you run into a lot of new problems since the Microsoft solution for keygen and cert download simply is too bad for consumer usage. BTW, there is no real standard for this either.. The majority of systems in use today requires an NDA to be used which is another reason to address this space. I would be happy to cooperate with you in case you are interested! BTW, I have recently been contacted by the DoD and W3C regarding this topic so I believe the timing for a standard is actually pretty good. regards Anders Rundgren RSA Security _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
