On 03/07/2010 11:23 AM, aerow...@gmail.com:
> On Thu, Mar 4, 2010 at 6:42 AM, Eddy Nigg <eddy_n...@startcom.org> wrote:
>>> I think it would make much, much more sense to use the OS store for
>>> private keys across all Firefox versions!
>>
>> Yes, and with a compromise of the system you'd also lose those
>> installed at the Mozilla applications. Not nice :S
>
> Well, no, not nice -- but with the fact that even your CA system will
> only create a single certificate valid at a time per email address per
> identity class (and only a single developer certificate, period), this
> means that the user has to go through an arduous process to be able to
> do more than a single thing with the certificates you offer. (As you
> know, the more times a key is exposed to the world, the higher the
> chance of compromise.)

But that's not really the same - the public shall be exposed and if
that's not good enough, the key probably shouldn't be used at all either.
I'm speaking about a system and key compromise of that specific crypto
store. It really hasn't much to do with exposure of the public key. But
- the best would be a hardware token anyway. :-)
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
XMPP: start...@startcom.org
Blog: http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto