On 23 Jul., 11:09, Eddy Nigg <eddy_n...@startcom.org> wrote:

Hi Eddy and list,

> > Hmm, here are my ideas:
> >
> > -integrate enigmail into TB.
>
> That's PGP, not x.509 certificates. We have a problem with trust
> regarding PGP. Enigmail is an excellent extension for any user who wants
> to rely on PGP keys.

I'll combine my answer to this post and the ones below here.

PGP/GPG has its "web of trust". You say in the other post "the client software would still have to find a path to a trusted CA for PGP keys - something which doesn't quite exist.". A web with few points (i.e. users) is not good, I concur. That's why more users would be good.

I think there is a fundamental question that needs to be answered by everyone themselves: do you think that it's better to implement something proper and "with all features" directly from the start and maybe shy away people because it's difficult to use, or do you implement something very easy to use, build up a big following/user base and then deal with inconsistencies/unclean implementations? In other words: is it better to use a little more security easily or proper security hard to master?

As an example: (AFAIK) DAP was there and defined everything, but nobody wanted to use it because it was too difficult to implement. Lightweight DAP (LDAP) left out quite a lot of stuff but made the whole thing implementable - which is what is being used today. And then Microsoft comes along and embraces and extends the whole thing, combines it with Kerberos and TADA - you have AD.

My opinion is this: the web of trust is not the safest system I can think of - but with key exchanges with friends over the phone and key signing parties at conferences the whole thing becomes more and more safe. Whereas I haven't managed to import the bloody p12 cert of the co-worker (see above). My conclusion from this is: better use the small part than nothing at all.

> > -Integrate weave into TB. Can't the same keys be used there for
> > encryption of the config data?
>
> I don't know weave, but do you really want to use certificates for
> securing config data? Doesn't sound a good idea to me...

Weave synchronizes your settings from FF over a server at Mozilla so that all your FF's on your different computers have the same bookmarks, settings, plugins (?) and history. Your stuff is encrypted and stored on the Mozilla server. For this encryption they create a new key for you when you register. There could be your GPG put to use so that you don't have to remember _yet_ another passphrase.

> > -Use win key store on win. Both FF and TB. If a hw token is found ask
> > the user if he wants to utilize it.
>
> And with it import all the potential problems of an operating system
> too? I mean, then the application can't make an independent trust
> decision really.

Same fundamental question as above. I didn't manage (and my colleagues too) to have FF see a user cert below a CA where the CA is in the software store and the user cert came from a token. So no authentication with the token against a website. IE and Windows cert store worked (maybe insecure?/more lax). Again my conclusion is: being able to log in to a website with username and pass AND key is better than only with username/pass.

> > -work together with gnome and kde folks, I just read that the work on
> > a common key infrastructure (http://www.golem.de/0907/68458.html,
> > sorry, german only)
>
> Yes, they've posted here their excellent ideas. But that's something
> more on the OS/Desktop level.

I haven't looked at the Linux side of the whole problem yet - because that isn't pressing in my case. But maybe if you talk to all OS people you find that you can implement something OS independent because they all have this or that feature in common. Or you can tell them how the other OS does it and influence them or something.

> > -work together with opensc folks.
>
> I don't see a problem here. I'm on the OpenSC lists too. OpenSC and NSS
> implement the PKCS11 interfaces, there shouldn't be a problem of
> interoperability. There were some bugs in the past, but I'm not sure if
> any problem exists today.
>

Same as OS argument above.

Regards,
Udo Puetz

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto