Udo,
I believe the whole area of on-line provisioning is very immature.
MSIE's Active X c**p in Vista is an indication that Microsoft is no
better than Mozilla.
Although few folks in this list do not acknowledge it, the really big
users of on-line
provisioned PKI (in the EU) do not use the existing (all-over-the-map)
browsers solutions, they
rather use something they have developed themselves and often in the
form of Java applets.
cheers,
Anders
Udo Puetz wrote:
Hi List,
I've just tried to reproduce the error with vista and ie7. I wasn't
able to create the cert in the popup-window of thawte because the
error message that the active-x has to be enabled (at the top of the
browser window) wasn't accessible because the (new) popup from thawte
was "overlapping" it... And I really lost my nerve with IE then.
Because the co-worker nevertheless should get her cert I tried to
create the mozilla cert with thawte. I managed that and later
downloaded the mycert.spc. I then tried to import that into a) windows
cert store, b) firefox cert store and c) thunderbird cert store. It
never showed up under the "my certs" in any of a), b) or c) and that's
where I gave up.
<rant mode>From a usability point of view I would consider the WHOLE
thing to be a nightmare. I intended to write up a howto, gave that up
now for the time being.
And by the way: ASN1, PKCS#7, PKCS#12. Who was the (pardon my french)
braindead person to name these things? I could probably learn the
difference (I know lots of other 3-4 letter acronyms) but guess what I
hear when I try to remote-debug a call from a luser when I tell them
to give me the PKCS#12 cert...?</rant mode>
Anyway, thanks for your efforts, I consider the whole thing for the
time being as not usable and recommendable.
Regards
Udo Puetz
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
