On 07/21/2009 03:04 PM, Udo Puetz:
Due to recent developments (US agencies spying on it's citizens, retention laws in germany and elsewhere, facebook, twitter and such becoming popular) people in the internet can be devided into two groups roughly. Those that give away ANY information about themselves for, well, nothing. And those that think about the implications of using google services and such because of the implicit data they give away. The first ones might convert if they get bitten by their openness (fired because of a facebook entry etc.). IF you want to do encryption (e.g. online banking) you fast realise that you need two (or more) factor authentication. And one of those is a hardware dongle because the rest is in your head or in your biometrics. Sooo, more and more people WANT to use hardware tokens (also because they are fairly cheap nowadays). So there is a very substancial market there. On "paper" it also looks as if quite a lot of devices are supported. opensc has a list of devices that "work" and you get windows drivers with every hardware you purchase. Why isn't there more focus on underlying structures? It's all nice and such if the url bar get's green if the SSL cert is "valid" (wasn't a SSL cert forged recently because MD5 has collisions?), but it's bad if thunderbird thinks an email is signed when it isn't. I dunno if I bark up the wrong tree here but it needed to be said ;-) And I think that mozilla has the knowledge (you guys), the ressources and the mental state to work on such a thing - even if other browsers would also benefit from this work.
Udo, that's all fine and understood. What are the improvements you think should be made to Thunderbird (and/or Firefox) besides what you claim to be a bug in TB? Is the bug the only thing which prevents hardware tokens and certificates to become mainstream?
-- Regards Signer: Eddy Nigg, StartCom Ltd. Jabber: start...@startcom.org Blog: https://blog.startcom.org -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
