Hi Alexander,

Alexander Klink wrote:
> Granted, if this is a "real" CA. But if you use it like in my PoC not
> for the typical CA scenario, but for user tracking, you could put all
> kinds of data in the certificate.

That's right. Still, I believe that the generation of a private key and issuance of the certificate is pretty "noisy". However, I agree, some explanation would be better. Obviously on a CA, this process is explained at the web site, but as in your scenario, the user isn't supposed to know a lot about it.... There is something to your claim....

> Tracking visitors in an unnoticed way over several domains is typically
> not as easy as this, I believe.

Well, well... ;-)

> I've actually tested that again and it also works in Firefox 1.5 - and
> even "better" there, because the certificate installation does not show
> any dialog at all.

Right! In 1.5 no "Installation Message" appears, which in 2.0 has been corrected. I suggest filing a bug with the request to change the default settings for handling certificate authentication. Please send the bug number, so we can vote for it...

-- 
Regards

Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org>
Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]>
Blog: Join the Revolution! <http://blog.startcom.org>
Phone: +1.213.341.0390

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto