Firefox does not send any private key. http://en.wikipedia.org/wiki/Certificate_signing_request provides a very good overview of what it does.
2008/12/24 Fost1954 <fost19...@googlemail.com>: > Dear Firefox Developers, > > I understand that this should be the right place to ask: > > Using Firefox we would like to generate Thawte X.509 E-Mail Certificates. > > When generating the Private/Public key pair using Firefox as well as > requesting > the certificate, we are logged in on the Thawte Website. > > Our security relevant question: > Which data is transmitted to Thawte during the Private/Public key pair and > > certificate generation process using Firefox (and Thawte) ? > > Does Firefox send to Thawte any form of "private" key during this process, > or > not ? > > If the private key was transmitted to Thawte, in theory a Thawte staff > member > > –would he gain access to the private key at thawte- could decrypt emails > encrypted by us, or sign an email in our names … > > We would be happy to understand better the key and certificate generation > process using Firefox (and Thawte), considering the security critical point > > > mentioned above. > > Thank you in advance, > Proud Firefox users > > > _______________________________________________ > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > > _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
