Re: To NSS-Java or not to NSS-Java, thats the question.

2012-04-19 Thread ianG
On 20/04/12 01:06 AM, helpcrypto helpcrypto wrote: Since you typically need a bunch of calls in order to do something "pkcs11-ish" you would annoy the user with tons of warning dialogs. False, just a warning to confirm the website can use the smartcard, and PIN/Password when needed. Yes, te

Re: To NSS-Java or not to NSS-Java, thats the question.

2012-04-19 Thread ianG
On 20/04/12 00:28 AM, helpcrypto helpcrypto wrote: I can see where this difficulty is, I've worked on smart cards and it is ... perverse. I'll see if I can explain it. As an aside I have no idea what the NSS people think, I'm not speaking for them, and they don't typically like what I say :) A

Re: To NSS-Java or not to NSS-Java, thats the question.

2012-04-19 Thread ianG
On 20/04/12 00:41 AM, helpcrypto helpcrypto wrote: My "solution" to this is to treat all PKI-using applications as complete applications running in trusted code. W3C tries to do something different, we'll see how that pans out... Ok Anders, but you are -again- talking much about your protocol,

Fwd: Feedback on DOMCryptInternalAPI

2012-04-19 Thread David Dahl
[Forgot to reply all] - Forwarded Message - From: "David Dahl" To: "Ehsan Akhgari" Sent: Thursday, April 19, 2012 3:09:45 PM Subject: Re: Feedback on DOMCryptInternalAPI Ehsan: This API will not interact with PB mode, except that it will need to store keys either in the NSS db or else

Re: Feedback on DOMCryptInternalAPI

2012-04-19 Thread Ehsan Akhgari
Hi David, What is your concern here with regard to the private browsing mode? It's not immediately obvious to me why and how this API should interact with the PB mode. Thanks! -- Ehsan On Thu, Apr 19, 2012 at 11:09 AM, David Dahl wrote: > Hello All: > > [I have cro

Feedback on DOMCryptInternalAPI

2012-04-19 Thread David Dahl
Hello All: [I have cross posted this message to dev-platform and dev-tech-crypto, perhaps we should discuss this on dev-platform as it has a larger subscriber base?]. I am just putting together a draft feature page for an internal API needed by the eventual DOM bindings for DOMCrypt (see: http

Re: To NSS-Java or not to NSS-Java, thats the question.

2012-04-19 Thread helpcrypto helpcrypto
> Dear HelpCrypto, I'm not pushing my protocol.  I just don't think > that web-pages should be able to directly address *any* device > but the screen. If that were true, many things (like JSS) should dissapear from MDN. Dont missunderstand. Im not complainning you or your protocol. > If you take

Re: To NSS-Java or not to NSS-Java, thats the question.

2012-04-19 Thread Anders Rundgren
On 2012-04-19 16:41, helpcrypto helpcrypto wrote: >> My "solution" to this is to treat all PKI-using applications as complete >> applications running in trusted code. W3C tries to do something different, >> we'll see how that pans out... > > Ok Anders, but you are -again- talking much about your

Re: To NSS-Java or not to NSS-Java, thats the question.

2012-04-19 Thread helpcrypto helpcrypto
> My "solution" to this is to treat all PKI-using applications as complete > applications running in trusted code.  W3C tries to do something different, > we'll see how that pans out... Ok Anders, but you are -again- talking much about your protocol, not answering my question (or at least, i didnt

Re: To NSS-Java or not to NSS-Java, thats the question.

2012-04-19 Thread helpcrypto helpcrypto
> I can see where this difficulty is, I've worked on smart cards and it is ... > perverse.  I'll see if I can explain it.  As an aside I have no idea what > the NSS people think, I'm not speaking for them, and they don't typically > like what I say :)  Apologies out of the way, onwards! This sound

Re: To NSS-Java or not to NSS-Java, thats the question.

2012-04-19 Thread Anders Rundgren
On 2012-04-19 09:21, helpcrypto helpcrypto wrote: >> (to me, that question makes no sense. users can't talk to smart cards. >> Only smart card readers and programs can. So what smart card reader and >> what program is doing this? A dumb smart card reader and a browser, >> following Javascript i

Re: To NSS-Java or not to NSS-Java, thats the question.

2012-04-19 Thread ianG
On 19/04/12 17:21 PM, helpcrypto helpcrypto wrote: (to me, that question makes no sense. users can't talk to smart cards. Only smart card readers and programs can. So what smart card reader and what program is doing this? A dumb smart card reader and a browser, following Javascript instructi

Re: To NSS-Java or not to NSS-Java, thats the question.

2012-04-19 Thread helpcrypto helpcrypto
> (to me, that question makes no sense.  users can't talk to smart cards. >  Only smart card readers and programs can.  So what smart card reader and > what program is doing this?  A dumb smart card reader and a browser, > following Javascript instructions from a website?  That'd be game over...)

Re: To NSS-Java or not to NSS-Java, thats the question.

2012-04-19 Thread helpcrypto helpcrypto
> My scenario is a billion+ community who haven't a clue what a CSP > is and never will.  They may not even know what a certificate is! > > A CSP-solution doesn't give the issuer any information about where and > how a key was generated.  The same goes for NSS, JCE, and PKCS #11. Developer *can* k