Nelson Bolyard wrote:
> Eddy Nigg wrote:
>> On 11/19/2008 05:52 PM, Anders Rundgren:
>>> In the meantime, wouldn't it be of some value if Mozilla tried to
>>> satisfy a PKI-related activity that in number of users, already is
>>> much bigger than S/MIME, i.e. the concept of "Web Signing"?
>>
>> What is this supposed to be? Perhaps I missed it?
>
> I think this is a reference to the action historically called "form signing"
> (or more accurately "form post signing") in Mozilla. It's a way to sign the
> data being sent in to a web server with the user's private key, as the data
> is being sent.

[..]

> There are some fundamental issues with this stuff, such as, how does the
> user know what he's being asked to sign? How does he know that he's not
> being asked to sign a document conveying the deeds for all his real property
> to the web site owner? In some countries where digital signatures have the
> full force of law, just like a real signature, this could be a serious issue.

Yupp. Glad you already wrote what I wanted to say. When thinking it to
the end it even gets more messy than the S/MIME stuff. Especially since
web designers and marketeers come into the way when talking about the
user interface.

> I'm personally wary of efforts that push to make it possible for users to
> make such legally effective signatures without solving the problems of how
> to protect the user.

The German signature law and the accompanying directive tried to protect
the user by specifying minimal requirements for the signature process
and components used. I guess that's what Anders calls "(German
influences...) monstrosity" in his other posting.
Ciao, Michael.
_______________________________________________
dev-tech-crypto mailing list
https://lists.mozilla.org/listinfo/dev-tech-crypto