On 2012-04-19 16:41, helpcrypto helpcrypto wrote:
>> My "solution" to this is to treat all PKI-using applications as complete
>> applications running in trusted code. W3C tries to do something different,
>> we'll see how that pans out...
>
> Ok Anders, but you are -again- talking much about your protocol,

Dear HelpCrypto,

I'm not pushing my protocol. I just don't think that web-pages should be able to directly address *any* device but the screen.

If you take PKCS #11 it has a lot of methods and I haven't a clue how to warn/alert the user when a method is called in a way that makes sense. Since you typically need a bunch of calls in order to do something "pkcs11-ish" you would annoy the user with tons of warning dialogs.

If Mozilla thinks this is a viable solution I think it is (about) time to speak up!

BTW, I don't think your English is that bad :-) I'm no pro either :-)

Anders

> not answering my question (or at least, I didn't get it as clear as water).
> I think this must be a communication problem between my Spanish and
> your Swedish (?). I'm really sorry for that.
>
> I'm talking about something much simpler: "Detect a card insertion
> and be sure the card is doing the operation I requested".
>
> For example:
> Within a browser, I click on the "dear card, please, RSA sign this data" button.
>
> IIUC, you say "that should not be done" or "that is not good for ~ reasons".
> And that is what I want to know.
>
> Why, if I request a certificate using a webpage (=generate keypair), can't I
> control whether the operation is performed within the card (not in
> softokn)?
> (Using the latest build, I can do that operation, but I can't control where
> it is done...)
>
> Currently, if I access an untrusted SSL site, I see a warning "you are
> about to enter an untrusted site..."
> Why couldn't I see a "this page wants to use the smartcard..." warning?
>
> Maybe this discussion should be in private to avoid spamming the
> dev-tech-crypto list...?
>

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto