>>> I do understand the frustration you must feel in trying to get browsers >> to work closely with your national ID/Cert system. There are many such >> systems, and trying to create an API that works with your specific >> requirements, hardware and regulations is very difficult. The WG notes >> this by placing such efforts in the WG's "secondary features". >> This is a shame, but it is also a bit of realism as getting caught up >> in multiple varying national schemes may have stunted progress on a more >> generic API, which I feel is a first priority.
As usual, sorry for my lack of english, and thank you for your time and work. In one hand, I probably lost something in the translation of your answer, Martin's and Anders's, and I dont have your knowledge on this field. By far. In the other hand, Im one of your potential "customers" (I dont see users invoking sign operations, but crypto/egovernment developers adding "sign" button on web forms), and im expressing you -designer- what i need/pray for. In our case, im not talking about having issues working with "national ID/Cert system", but doing document signatures, which is done worldwide. IMHO, once we have a pkcs#11 interface to handle any smartcard, even installed cert using NSS softoken, and maybe a wrapper to mscapi...the only thing left is to use those certs stored "somewhere" with your javascript API. In other words: I like your "simple" approach, but i dont need it/cant use it, if you dont allow me to use installed certs/smartcard certs. If you make this possible, EVERY cryptographic web developer I know which does digital signature using a java applet, will move to this library, completely happy. BTW: what about the init-add-final for multiple signing without requesting password many times? Of course we also have issues related to keygen and getting certificates from CA, but this is another story which, in my opinion, will need something like Anders proposal, as you mention. But i want to repeat myself: we are talking about two different problems. ...we could also talk about bribery...whats your price? :P Happy weekend! -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
