Fost1954 wrote, On 2009-01-12 18:23 PST: > Thank you, > ecellent dickussion and conclusion we arrived to. > > I understand the general consensus is that the statement about > unnotified key transmission to Thawte is correct, saying: "I know of no > way", rather than "there is no way". (As Nelson Bolyard wrote). > > We are all aware that there is no 100% answer (as always in life), but I > assume your knowledge has some weight. > > This answer I think is acceptable and worth posting in other Forums > (e.g. Thunderbird and/or Firefox, where this answer yould not be given). > If you allow me I would cite some of our conclusions given here. Are > there any privacy-concerns about citations ? (I will not post any > E-Mail Adress). Please let me know. > I will not do any citation if you do not want it.
All discussions in this list are very public. You can find this thread at http://groups.google.com/group/mozilla.dev.tech.crypto/browse_frm/thread/e885d0624ab4ffe9 and http://www.nabble.com/Security-Critical-Information-%28i.e.-Private-Key%29-transmitted-by-Firefox-to-CA-%28i.e.-Thawte%29-during-X.509-key-cert-generation-tc21170221.html and probably elsewhere also. I think you can cite those without any permissions. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
