To me cluelessness seems to be all over the map since nobody (including the people subscribing to this list), have bothered the least about what this thingy is supposed do, and how, and why.
I (incorrectly) thought that everybody in computer security knew that tokens usually are protected by PIN-codes, but <keygen> does not deal with such. I guess the idea that it is up to the user to decide what the policy including selecting "key strength". I have a feeling that there aren't too many banks or governments out there that would buy into this. Don't get me wrong, <keygen> was a necessity for Netscape in order to roll out their brilliant contribution to Internet security, the SSL protocol. Today the situation is rather different but many solutions are still at the 1997 level. Anders ----- Original Message ----- From: "Georgi Guninski" <[email protected]> To: "mozilla's crypto code discussion list" <[email protected]> Sent: Tuesday, September 22, 2009 23:13 Subject: Re: <keygen>- A Requirement Specification On Tue, Sep 22, 2009 at 10:35:47PM +0200, Anders Rundgren wrote: > http://lists.w3.org/Archives/Public/public-html/2009Sep/0043.html > > "It is extremely unlikely that Microsoft will ever implement support for > <keygen> > - we do not believe it provides value for our customers" > i don't have an opinion about <keygen> but i suspect m$ are so clueless it is a very safe bet to the opposite of what they do :) -- dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto -- dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
