On Thu, Apr 26, 2012 at 12:32 AM, helpcrypto helpcrypto <helpcry...@gmail.com>
wrote:
Supporting smart cards in the spec and first implementations is not a goal,
however, I think a lot of the base work we are doing will help in a future
iteration. For instance, I hope that this Gecko 'internal API' will help
extension and browser developers to experiment with smartcards, crypto keys,
etc.
Really happy to hear. Keep us updated when some work is made!
Are you saying you base64 encode the data to be signed before the signature is
created?
No. Let me show you an example.
Consider you provide this API:
sign(keyId, data)
IMHO, the correct way of invoking will be:
sign(1,"ZGF0YXRvYmVzaWduZWQ=")
Instead of (because it can end in an encoding translation problem)
sign(1,"datatobesigned")
For example, using iso-8859-1 and UTF-8 this string is not the same
"En España el Paragüas es invisíble"
This is what the unique tags on ASN.1 UTF8String and IA5String and
PrintableString and Shift-JIS and such are for, specifying the encoding.
Public key as a privacy risk? I don't imagine we will have an address bound to the
public key.
My X509 cert has my name, surname, identity ID... I don't want ANY site,
(except those requiring SSL client authentication like Tax ministry)
have any access to it.
My public key has a unique hash that could (easily) be used to track a
user. I don't want that either.
The certificate is not the public key. The public key is the only identity the
computer can comprehend, and the certificate is metadata about the key which is
(ideally) trusted for fiduciary work. The public key itself is its own
identity as well, so your point doesn't even rely on having a unique hash.
But! Here's someone who actually thinks like I do, that this information has
value, and therefore this information must be protected.
Fortunately, I have something for that. Behold: the Identity Trustee. This is a
certifier which would accept your current certificate and a newly generated public key,
both signed by both the certified keypair and the generated keypair. It would then sign
a certificate for the generated public key which says, basically, "I know who this
keyholder is, but I will only tell valid state authority."
This would permit site owners to discourage spam and vandalism by knowing that
they can hold the keyholder accountable if necessary, without disclosing the
keyholder's (your) identity to every site, and without requiring the same key
to be used on every site. Effectively, your public key would become your
pseudonym. And, this is not a usage which would have the potential to endanger
broad swaths of Mozilla's user base like the DigiNotar google.com certificate.
-Kyle H
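
The encoding point raised in the message above, as an added example that is not part of the original thread: the same string becomes different bytes under ISO-8859-1 and UTF-8, so a signature made over one does not verify over the other, while passing base64 of explicit bytes removes the ambiguity. The `sign` and `verify` functions are hypothetical stand-ins for the `sign(keyId, data)` call under discussion, built on Node's `crypto` module with a throwaway Ed25519 key.

```javascript
// Added example, not code from the thread or from any Gecko API.
const nodeCrypto = require('node:crypto');

// Constructed throwaway key pair standing in for "keyId 1".
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');

// Hypothetical sign(): data is base64 of the exact bytes to be signed,
// so no character encoding is ever guessed on the signing side.
function sign(dataB64) {
  const bytes = Buffer.from(dataB64, 'base64');
  return nodeCrypto.sign(null, bytes, privateKey).toString('base64');
}

// Hypothetical verify(): same contract, bytes in, boolean out.
function verify(dataB64, sigB64) {
  const bytes = Buffer.from(dataB64, 'base64');
  const sig = Buffer.from(sigB64, 'base64');
  return nodeCrypto.verify(null, bytes, publicKey, sig);
}

// The string from the thread, written with escapes so that this file's
// own encoding cannot alter it.
const text = 'En Espa\u00f1a el Parag\u00fcas es invis\u00edble';

// Same characters, two different byte strings.
const utf8Bytes = Buffer.from(text, 'utf8');
const latin1Bytes = Buffer.from(text, 'latin1'); // ISO-8859-1

function demo() {
  // Signer commits to the UTF-8 bytes and ships them as base64.
  const sig = sign(utf8Bytes.toString('base64'));
  return {
    utf8Length: utf8Bytes.length,       // 3 non-ASCII chars take 2 bytes each
    latin1Length: latin1Bytes.length,   // 1 byte per character
    sameBytes: utf8Bytes.equals(latin1Bytes),
    verifiesOverUtf8: verify(utf8Bytes.toString('base64'), sig),
    // A verifier that re-encodes the "same" text as ISO-8859-1 rejects it.
    verifiesOverLatin1: verify(latin1Bytes.toString('base64'), sig),
  };
}

console.log(demo());
```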