Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

crypto to make a stronger statement about this. But those folks don't participate in this mailing list/newsgroup, so you'll have to ask the question elsewhere to get such an answer." Who else would you propose asking ? Thanky you, 2009/1/10 Robert Relyea > Fost1954 wrote: >

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

Bob wrote: "So it turns out even with crmf, escrow does not happen quietly. If the CA requests a key be escrowed, the user is notified:" Sorry, Bob, but it becomes too technical for my knowledge, I do not know what crmf is, nor do I know what tokens etc.are, so speaking honestly: I do not understa

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

Is there anybody to answer to my/Kaspar Band's statement below, as to get a final clarification ?: 1. Is there a dev-tech-crypto / Firefox developer/programmer who wants to confirm Kaspar Band's idea that "running Firefox in "Safe Mode" when generating the key as well as requesting the Certificate

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

y viewable by the public. (Except of course the one which is completely written by ourself. But the latter is not subject of discussion, I believe...) Thank you, 2008/12/31 Kaspar Brand > Fost1954 wrote: > > 1. Can I spread the message into the world that Running Firefox in "Safe &g

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2008/12/29 Kaspar Brand > Nelson B Bolyard wrote: > > Fost1954 wrote, On 2008-12-27 06:54: > >> My personal question: Is this warning dialog really ALWAYS the case ? > > > > I think the question is: is there any way for a web site to suppress > > that dialog

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

2008/12/28 Nelson B Bolyard > > I think the question is: is there any way for a web site to suppress > that [private key transmission warning-] dialog? Yes: this should be the point. Having the certainty, that a "warning dialog cannot be suppressed" when a private key is to be transferred, Fire

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

Thank you: "[…] Unfortunately Thawte's enrollment interface does not work without Javascript. […]Thawte could silently change the behaviour of the cert enrollment web interface. […] to be 100% sure [the private key is not transferred] you have to check that every time you go through this process.

Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

Thank you for sharing your thoughts, tests and results regarding the key/certificate generation process with Thawte. I think it is an essential and security-relevant question to be not "near 100%" but absolutely sure that there is no way of the private key to be transfered to Thawte or anyone! My

Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

Dear Firefox Developers, I understand that this should be the right place to ask: Using Firefox we would like to generate Thawte X.509 E-Mail Certificates. When generating the Private/Public key pair using Firefox as well as requesting the certificate, we are logged in on the Thawte Website. *O