On 9/1/09 13:02, Michael Ströder wrote:
> Fost1954 wrote:
>> Bob wrote: "So it turns out even with crmf, escrow does not happen
>> quietly. If the CA requests a key be escrowed, the user is notified:"
>>
>> Sorry, Bob, but it becomes too technical for my knowledge, I do not know
>> what crmf is, nor do I know what tokens etc. are, so speaking honestly: I
>> do not understand your conclusion, even though the words "escrow does
>> not happen quietly" sound positive.
>>
>> Could you or any Firefox developer/programmer answer to my question (see
>> below):
>>
>> 1. Is there a dev-tech-crypto / Firefox developer/programmer who wants
>> to confirm Kaspar Band's idea that "running Firefox in "Safe
>> Mode" when generating the key as well as requesting the Certificate with
>> Thawte does securely prevent unnotified private key transmission?
>>
>> I do not want to be offending, but a simple "I think so"-answer does not
>> satisfy most of the Firefox-Thawte Users,...
>
> I also do not want to be offending but if you're asking questions like
> this you have to be prepared to understand the technical answers.

I actually appreciate the question, I stumbled across the very same
thing a couple of months ago, when the UI gave no clear indication of
what it had and had not done, including any security that the
keys-security model had been followed.

(I think the answer is no, but I'm wondering what others will say.)

Thinking about it, the way I would have gained confidence would be to
have one tool generate the key and the CSR, and then use another tool to
transmit the CSR and receive the cert.

I think it is fairly clear that the end-user has a great deal of trouble
asking questions. And when they are "on point" as this one is, there is
a great deal of trouble answering them!

iang
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
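
The split suggested in the message above (one tool generates the key and CSR, a different tool transmits the CSR), as an added example that is not part of the original thread. It assumes the OpenSSL command-line tool is installed; the file names and the subject are constructed placeholders, and the upload step itself is left to whatever separate tool is used.

```shell
#!/bin/sh
# Added example: generate key and CSR locally, then check that the file
# handed to the upload tool carries only the public half of the key.

# make_key_and_csr DIR: writes DIR/user.key (stays local) and DIR/user.csr.
make_key_and_csr() {
    dir=$1
    # umask 077 so the private key is never readable by other accounts
    ( umask 077
      openssl genrsa -out "$dir/user.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$dir/user.key" -subj "/CN=Example User" \
        -out "$dir/user.csr" 2>/dev/null
}

# csr_is_safe_to_send CSR KEY: succeeds only if the CSR file
#   1. is a single PEM block with no private-key block in it,
#   2. has a valid self-signature (proof of possession of the key),
#   3. contains exactly the public key derived from KEY.
csr_is_safe_to_send() {
    csr=$1; key=$2
    if grep -q "PRIVATE KEY" "$csr"; then return 1; fi
    [ "$(grep -c '^-----BEGIN' "$csr")" -eq 1 ] || return 1
    grep -q '^-----BEGIN CERTIFICATE REQUEST-----' "$csr" || return 1
    # Match on the message text: the exit status of -verify differs
    # between OpenSSL releases.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ -n "$csr_pub" ] && [ "$csr_pub" = "$key_pub" ]
}

# Run once in a throwaway directory; only user.csr is meant to leave it.
work=$(mktemp -d) && make_key_and_csr "$work" \
    && csr_is_safe_to_send "$work/user.csr" "$work/user.key" \
    && echo "OK to submit: $work/user.csr (keep $work/user.key local)"
```

Because the private key is created and stored by a tool that never talks to the CA, the only thing the transmitting tool can send is the CSR that was checked here.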