Bob wrote: "So it turns out even with crmf, escrow does not happen quietly. If the CA requests a key be escrowed, the user is notified:"
Sorry, Bob, but it becomes too technical for my knowledge. I do not know what crmf is, nor do I know what tokens etc. are, so speaking honestly: I do not understand your conclusion, even though the words "escrow does not happen quietly" sound positive.

Could you or any Firefox developer/programmer answer my question (see below):

1. Is there a dev-tech-crypto / Firefox developer/programmer who wants to confirm Kaspar Band's idea that "running Firefox in "Safe Mode" when generating the key as well as requesting the Certificate with Thawte" does securely prevent unnotified private key transmission?

I do not want to be offensive, but a simple "I think so" answer does not satisfy most of the Firefox-Thawte users...

Thank you!

2009/1/7 Robert Relyea <rrel...@redhat.com>

> Eddy Nigg wrote:
>
>> On 12/27/2008 12:44 AM, Subrata Mazumdar:
>>
>>> A related question:
>>> Is it possible to configure the NSS Soft-Token associated with the
>>> internal slot like smart-card based token so that the private key
>>> cannot be exported out of the token?
>>> If not, would it be a useful feature to support?
>>>
>> Even in the token case, this is only true if the key was generated in the
> token. If 'key recovery' is turned on, NSS generates the key in softoken and
> writes it to the token (after wrapping it with the escrow key).
>
> So it turns out even with crmf, escrow does not happen quietly. If the CA
> requests a key be escrowed, the user is notified:
>
> http://mxr.mozilla.org/firefox/source/security/manager/ssl/src/nsCrypto.cpp#1905
>
> bob
>
> _______________________________________________
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto