Is there anybody who can answer my/Kaspar Brand's statement below, so as to get a
final clarification?

1. Is there a dev-tech-crypto / Firefox developer/programmer who wants to
confirm Kaspar Brand's idea that running Firefox in "Safe Mode" when
generating the key as well as requesting the certificate with Thawte does
securely prevent unnotified private key transmission?

I do not want to offend, but a simple "I think so" answer does not
satisfy most of the Firefox-Thawte users, who wish for a final and secure
response. I would not like to "spread" possibly wrong information, as that
would not be a benefit for any Firefox user.

2. You (Kaspar) are right, we are "running code provided by someone else
(Mozilla Corporation, in this case)". To my knowledge the code being run is
open source, right? If so, I would not know of a "safer" code to use than one
openly viewable by the public. (Except of course the one which is completely
written by ourselves. But the latter is not the subject of discussion, I
believe...)

Thank you,


2009/1/3 Kaspar Brand <m...@velox.ch>

> Daniel Veditz wrote:
> >> user_pref("capability.policy.default.Crypto.generateCRMFRequest", "noAccess");
> >
> > That may work now, but capability control for individual DOM properties
> > is gone in Firefox 3.1 betas for performance reasons.
>
> Dan, it's not a DOM property but a method of the Crypto object instead
> which gets blocked in this case - so your comment probably doesn't apply.
>
> I checked this configuration with both Firefox 3.1 (Beta) and trunk,
> where it worked as expected (throws an exception saying "Permission
> denied for [...] to call method Crypto.generateCRMFRequest").
>
> Kaspar
> _______________________________________________
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto
>