(couple of off the wall observations, 'scuse the fast typing...)
On 26/04/12 01:53 AM, David Dahl wrote:
I have experienced some issues regarding encoding.
A page encoded in ISO sends some data to a page encoded in UTF-8 which
signs...then, verify could not match.
So we decide to use base64 binary encoding for all operations. I think
"plaintext" maybe it's not the best option (or maybe I'm wrong)
Are you saying you base64 encode the data to be signed before the signature is
created?
If you want the signature + document to be legally sustainable and/or
user-interpretable, then plaintext signatures with embedded public keys
are the way to go. You can base64-encode the public keys :) Some
further development of this theme is at
http://iang.org/papers/ricardian_contract.html
otoh if the signature is more a digsig of protocol import then any
format will do.
Will it be possible to create more complex sign-formats, like PKCS#1,
PKCS#7, XAdES, XML, PDF...?
Maybe I didn't understand it well, but I'm REALLY concerned about your
public key handling. IIUC, a site could get access to the public key,
and I don't want that at all.
My public key can contain my name, identity card or even my
address...I think this IS a privacy issue.
Public key as a privacy risk?
Public keys are less of a privacy risk, because they only evidence a
repeat engagement. Certificates are a horrible privacy risk. Have a
look at client certs and SSL - the servers can be configured to
'optional' which causes browsers to supply certs which include info ...
the response to this is that browsers then have to ask the users for any
use of a cert, else risk a privacy breach, which leads to unusability
without quite sophisticated caching and matching. Which they don't have.
I don't imagine we will have an address bound to the public key.
In some countries e.g., in Europe, identity (papers and registration of
residency) is intimately bound with address. There are legal traditions
and reasons for this which don't exist in the anglo world; it isn't
reliable to ignore the difference by saying "we won't do that, then."
Check out QCs, do they not have addresses? How then can legal
obligations be fulfilled in certain countries?
iang
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
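
The encoding mismatch raised at the top of the thread (an ISO page and a UTF-8 page producing different bytes for the same text, so verification fails), as an added example that is not part of the original message. It assumes Node.js with Ed25519 as a stand-in signature scheme; the function names and sample text are hypothetical, and the NFC normalisation step goes slightly beyond what the thread discusses.

```javascript
// Added example, not code from the thread. Ed25519 is an assumed stand-in
// for whichever signature scheme the API under discussion would use.
const crypto = require('node:crypto');
const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');

// Constructed sample plaintext with one non-ASCII character.
const TEXT = 'I agree to pay José 100 EUR';

// What each page effectively does: turn the text into bytes using the
// page's own charset, then sign or verify those bytes.
function signAs(text, charset) {
  return crypto.sign(null, Buffer.from(text, charset), privateKey);
}
function verifyAs(text, charset, sig) {
  return crypto.verify(null, Buffer.from(text, charset), publicKey, sig);
}

// Fix: both sides derive the signed bytes the same way (NFC, then UTF-8).
// The plaintext stays readable; only the signature travels as base64.
function canonicalBytes(text) {
  return Buffer.from(text.normalize('NFC'), 'utf8');
}
function signCanonical(text) {
  return crypto.sign(null, canonicalBytes(text), privateKey).toString('base64');
}
function verifyCanonical(text, sigB64) {
  const sig = Buffer.from(sigB64, 'base64');
  return crypto.verify(null, canonicalBytes(text), publicKey, sig);
}

function demo() {
  const sigIso = signAs(TEXT, 'latin1'); // signer page is ISO-8859-1
  const sigB64 = signCanonical(TEXT);
  return {
    isoLen: Buffer.from(TEXT, 'latin1').length,
    utf8Len: Buffer.from(TEXT, 'utf8').length,
    sameCharset: verifyAs(TEXT, 'latin1', sigIso),
    crossCharset: verifyAs(TEXT, 'utf8', sigIso), // verifier page is UTF-8
    // Pure ASCII encodes identically in both charsets, which hides the bug.
    asciiOnly: verifyAs('plain ascii', 'utf8', signAs('plain ascii', 'latin1')),
    canonical: verifyCanonical(TEXT, sigB64),
    // Same text typed with a combining accent still verifies after NFC.
    decomposed: verifyCanonical(TEXT.normalize('NFD'), sigB64),
    tampered: verifyCanonical(TEXT.replace('100', '900'), sigB64),
  };
}

console.log(demo());
```
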