First: A successful, healthy and happy New Year!

1. Is there a dev-tech-crypto / Firefox developer/programmer who wants to
confirm Kaspar Brand's idea that "running Firefox in 'Safe
Mode' when generating the key as well as requesting the Certificate with
Thawte does securely prevent unnotified private key transmission"?

I do not want to be offensive, but a simple "I think so" answer does not
satisfy most of the Firefox-Thawte users, who wish for a final and secure
response. I would not like to "spread" possibly wrong information, as that
would not be a benefit for any Firefox user.

2. You (Kaspar) are right, we are "running code provided by someone else
(Mozilla Corporation, in this case)". To my knowledge this code that is run
is open source, right?
If so, I would not know of a "safer" code to use than one openly
viewable by the public. (Except of course the one which is completely
written by ourselves. But the latter is not the subject of discussion, I
believe...)

Thank you,



2008/12/31 Kaspar Brand <m...@velox.ch>

> Fost1954 wrote:
> > 1. Can I spread the message into the world that Running Firefox in "Safe
> > Mode" when generating the key as well as requesting the Certificate with
> > Thawte does securely prevent unnotified private key transmission ?
>
> I think so. Note that Thawte still uses the <keygen> tag, so disabling
> crypto.generateCRMFRequest through prefs.js could also be considered
> sufficient (keygen doesn't provide any escrow mechanism).
>
> > 2. What do you mean using the words "maximum reliability" in this context.
> > I am aware that there is no 100% security in life, but the words you use (a
> > "maximum" of what !?) can mean a broad spectrum from "maximum, but poor"
> > reliability to "maximum and really strong reliability"...
>
> In the sense that it's the maximum achievable reliability given the fact
> that you're running code provided by someone else (Mozilla Corporation,
> in this case). In the end, it's always a question of whom you trust -
> but this would probably get us too much off-topic.
>
> Kaspar
>
> _______________________________________________
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto
>