On 03/24/2009 06:24 AM, Kyle Hamilton:
One thing I'm missing... where does the email control validation come in?
This is where you get to upsell your service.

This is not something to up-sell, it's a basic requirement for certificates I think, otherwise there is no value in them. Up-selling would be verification of the identity perhaps.

Once a public key goes
out, you can encrypt something specifically *to* it, and then only the
private key holder can decrypt it.  If they decrypt it and you send it
only to that email address, you know that the holder of the private
key can read from that mailbox.

Ahhh, most likely this will never be part of a Mozilla product without the validation.

Why are you making the assumption that only a single email certificate
is worthwhile or even desirable?  (what if one of the roots is
yanked?)  Why do you even think that making a choice like this is
something that will make the user happier?

I don't. Make multiple requests, who cares.

Why not simultaneously
send certification requests to all of the CAs that Tbird supports
without having to have the user make a selection of which one?

That would be a bad idea IMO. I don't want a certificate from XYZ CA nor do I want them to know anything about me. I'm happy to use ZXY and YXZ CA however. I'd simply make another request through the same UI...

(Certainly, give the user a choice as to whether to do it, but also
mention that it's recommended that they go through this step to show
that they actually have control over the email address they're
claiming.)

Exactly.

Make some kind of automated certificate request protocol (this is the
CAs' job to push through PKIX, by the way) to request class-1
validation of a given email address that Thunderbird has already
verified that it can log into.

That's not good enough since the CA must retain evidence about the verification too. At least StartCom would not issue such a cert and refrain from participating I guess.

This way, you don't have to trust the
email program, you only receive an email address and a public key, you
send a specially-formatted message to the email address that
Thunderbird can auto-parse, have it decrypt the thing with the private
key, send another request with the same email address and the
encrypted nonce, and have it deliver the certificate.

Yes, this sounds better. We certainly could make those hooks easier and even automate, agreed. I'd like to see support for such an idea and involvement perhaps by Gerv and Johnath too. If it's going to be an agreed standard procedure, allowing all interested CAs in NSS to participate, I must say it sounds interesting.

--
Regards

Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog:   https://blog.startcom.org

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
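The exchange Kyle sketches above (address and public key in, a nonce encrypted to that key mailed to the address, the decrypted nonce sent back, certificate out), together with Eddy's requirement that the CA retain evidence of the check, written out as an added example in Go. It is not code from the original thread, from Thunderbird/NSS, or from StartCom. Everything in it is an assumption: the names CA, Request, AnswerChallenge, Complete and Verify; the use of RSA-OAEP with the email address as the OAEP label so a challenge cannot be redirected to another address; a 32-byte nonce; a "certificate" that is just a CA-signed (address, key fingerprint) pair standing in for X.509; and the constructed address alice@example.org. Mail transport is elided: Request returns the bytes that would be mailed, and AnswerChallenge is what the mail client would run on them.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/x509"
	"encoding/hex"
	"fmt"
	"time"
)

type (
	pending struct {
		pub   *rsa.PublicKey
		nonce []byte
	}
	// Evidence is what the CA retains after a successful check; Certificate
	// stands in for an X.509 cert (a CA-signed address/key binding).
	Evidence struct {
		Email, KeyFingerprint, NonceHash string
		ValidatedAt                      time.Time
	}
	Certificate struct {
		Email, KeyFingerprint string
		Signature             []byte
	}
	CA struct {
		key      *rsa.PrivateKey
		pending  map[string]*pending
		Evidence []Evidence
	}
)

func NewCA() (*CA, error) {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return &CA{key: k, pending: map[string]*pending{}}, nil
}

// Request is the first message: the CA receives only an address and a public
// key, and returns a nonce encrypted to that key for mailing to the address.
func (ca *CA) Request(email string, pub *rsa.PublicKey) ([]byte, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ca.pending[email] = &pending{pub: pub, nonce: nonce}
	// The OAEP label ties the ciphertext to the address it is mailed to.
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, nonce, []byte(email))
}

// AnswerChallenge is the mail-client side: only someone holding the private
// key and reading this mailbox can recover the nonce.
func AnswerChallenge(priv *rsa.PrivateKey, email string, challenge []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, challenge, []byte(email))
}

// Complete is the second request: same address plus the decrypted nonce. On
// success the CA records evidence, burns the challenge, and issues the cert.
func (ca *CA) Complete(email string, nonce []byte) (*Certificate, error) {
	p, ok := ca.pending[email]
	if !ok || subtle.ConstantTimeCompare(p.nonce, nonce) != 1 {
		return nil, fmt.Errorf("no matching challenge for %q", email)
	}
	delete(ca.pending, email) // one-shot: a replayed nonce is refused
	der, _ := x509.MarshalPKIXPublicKey(p.pub) // cannot fail for an *rsa.PublicKey
	fpSum, nh := sha256.Sum256(der), sha256.Sum256(nonce)
	fp := hex.EncodeToString(fpSum[:])
	ca.Evidence = append(ca.Evidence, Evidence{Email: email, KeyFingerprint: fp,
		NonceHash: hex.EncodeToString(nh[:]), ValidatedAt: time.Now()})
	d := sha256.Sum256([]byte(email + "\x00" + fp)) // the binding the CA signs
	sig, err := rsa.SignPKCS1v15(rand.Reader, ca.key, crypto.SHA256, d[:])
	if err != nil {
		return nil, err
	}
	return &Certificate{Email: email, KeyFingerprint: fp, Signature: sig}, nil
}

// Verify checks a certificate against the CA's own public key.
func (ca *CA) Verify(c *Certificate) bool {
	d := sha256.Sum256([]byte(c.Email + "\x00" + c.KeyFingerprint))
	return rsa.VerifyPKCS1v15(&ca.key.PublicKey, crypto.SHA256, d[:], c.Signature) == nil
}

func main() {
	ca, _ := NewCA()
	user, _ := rsa.GenerateKey(rand.Reader, 2048)
	const addr = "alice@example.org"                  // constructed address
	challenge, _ := ca.Request(addr, &user.PublicKey) // the message that gets mailed
	nonce, _ := AnswerChallenge(user, addr, challenge)
	cert, err := ca.Complete(addr, nonce)
	fmt.Println(err, cert != nil && ca.Verify(cert), len(ca.Evidence)) // <nil> true 1
}
```

Three things in the block carry the weight of Kyle's argument: the CA never has to trust the mail program, because the nonce is only recoverable with the private key that was enrolled; the OAEP label means a challenge mailed to one address is useless if it ends up in another mailbox; and Complete keeps an Evidence record and deletes the pending challenge, so the CA has something to show an auditor and the same nonce cannot be presented twice. Per-CA state is kept inside the CA value, so "make multiple requests" to several CAs is just several independent instances. A real deployment would also expire unanswered challenges and rate-limit Request per address, neither of which this example does.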
