Nelson Bolyard wrote:
To the second question: we currently don't use any service, and in the future, we will support multiple services and methods as described in the paper.Amir Herzberg wrote:
We have created a Mozilla extension that creates a secure, Trusted Logo and Credentials Area, which displays logos and other credentials of the site.
- From where does your extension in the client obtain that information? - Does it use a central service through which it obtains that information?
To the first qeustion: we obtain the public key (and other SSL parameters) from Mozilla. We then check if we already know that public key (site), if so, we present the confirmed logo stored locally. If this is the first visit to this site (or a site with this key), we currently ask the user to select the logo. However, the design in the paper, which we are implementing, is that we'll also allow the user to approve some special Certification Authority (which we call Logo Certification Authority) to sign the matching of logo to public key, which makes the credentials. In this case, we can obtain the logo certificate (binding logo or other credentials to public key) from the site itself, from the CA, or from other `web directories`.
Best, Amir Herzberg See papers, lectures etc. at http://AmirHerzberg.com _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
