Udo Puetz wrote:
<snip>
> P.s.: I haven't seen anything on the main page of this group that it
> shall only deal with NSS. Maybe Nelson or someone could write that
> into the description of this group.

There is no Mozilla-list for discussing high-level aspects of PKI-using applications like TB and FF. That's why EU government and banks pour more money into proprietary developments of PKI-clients than all browser vendors put together since they have nobody to "talk to".

It's not the NSS team's fault, it is rather the fact that it is very hard crossing all the borders needed not actually get anywhere.

That 90% of all e-mail comes from fake addresses is an indication that most developers are more interested (and competent) in low-level stuff like ASN.1, TCP/IP and cryptographic algorithms, than in fixing bigger issues. Security experts also tend to believe that if it doesn't go for 100% it isn't worth dealing with, then it is better with no security.

Authenticated e-mail had been close to a no-brainer if domains had been required to sign outgoing messages reusing the existing web-server PKI. But then the "experts" came running and said: "you can't be sure that the person is authentic". No, but that is likely to be in the interest of the majority of e-mail server owners so it is of course solvable using traditional forms of user authentication.

Pragmatism is a bad word? Apparently yes.

Anders

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto