Neil,
First of all, thanks for your response.
On 24 Nov 99, at 14:02, Neil Costigan wrote:
> mini-advert
> To address the non-repudiation / SSL issue
> We at Celo developed, over the OpenSSL libs, a web browser plugin
> that allows a web content author to 'demand' that a user digitally sign
> (using pkcs7/smime)
> some data pushed out from a web server.
> It is invoked by standard plugin activation embed tag.
> The server then gets back via HTTPS POST an s/mime package of the
> signed data for verification and (optionally) storage for later
> non-repudiation.
> Both software based certificates and a number of smartcard readers /
> smart cards are supported.
> We're supporting both IE and Netscape.

Your product seems to be very close to what we're looking for.
There's a little (but needed!) point to take into account, though:
traffic matters. Data are files (up to 100kb) and come from
the client. Server is Netscape Enterprise Server and these
long HTTP posts have caused much trouble. Number of clients
is slowly increasing. Uploads concentrate in a very short
time interval.
It wouldn't be reasonable for our customers to send the data
back and then sign them; this would double the traffic
and some other problems about the application logic would arise.
I can think of some workaround involving server side, but then
we lose the advantage of choosing an external packaged product
instead of developing the solution by ourselves.
OTOH, it would be nice to provide the client with a signed
confirmation from the server telling them that data have been
received.
Any ideas?

> The majority of current customers are using this to get their customers
> to confirm/sign transactions passed through html forms.

We use the "file" tag in forms and there's already a plugin to validate
the file in the client, in order to avoid traffic when the
data is clearly invalid.
BTW, as far as I know, the ActiveCard Reader (we use it) doesn't
allow access to more than one application concurrently. We've
had many problems with this issue trying to control the
reader from a plugin while Navigator is using it to retrieve
the stored certificate.

> See http://www.celocom.ie for details and a download that one can try
> against a test server we run.

We'll give it a try. Thanks again.
With best regards,
--
Nicolás Aragón
Departamento de Proyectos Avanzados
Software AG España
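
The flow discussed in this message (the client signs the file locally and uploads it once, the server verifies the S/MIME package, stores it, and returns a signed confirmation), sketched with the `openssl smime` command. This is an added example, not Celo's plugin or code from either poster; the identity names, file names and receipt format are assumptions, and self-signed certificates stand in for CA-issued ones.

```shell
#!/bin/sh
# Constructed demo: identities, file names and the uploaded data are made up.
set -eu
WORK=$(mktemp -d)

# Self-signed certificate standing in for a CA-issued client or server cert.
make_identity() {  # $1 = name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# Sign file $2 as identity $1 into S/MIME package $3. -nodetach embeds the
# data in the PKCS#7 structure; -binary keeps its bytes unchanged.
smime_sign() {
    openssl smime -sign -nodetach -binary -in "$2" -out "$3" \
        -signer "$WORK/$1.pem" -inkey "$WORK/$1.key"
}

# Verify package $2 against the trusted certificate of identity $1 and write
# the recovered data to $3. Fails on a bad signature or an untrusted signer.
smime_verify() {
    openssl smime -verify -binary -in "$2" -out "$3" \
        -CAfile "$WORK/$1.pem" -purpose any 2>/dev/null
}

sha256_of() { openssl dgst -sha256 -r "$1" | cut -d' ' -f1; }

# Server side: verify the upload, keep the package, sign a receipt over the hash.
server_receive() {  # $1 = uploaded package, $2 = receipt package to return
    smime_verify client "$1" "$WORK/received.dat" || return 1
    cp "$1" "$WORK/archive.p7m"   # stored for later non-repudiation
    echo "received sha256=$(sha256_of "$WORK/received.dat")" > "$WORK/receipt.txt"
    smime_sign server "$WORK/receipt.txt" "$2"
}

# Client side: sign locally, upload once, then check the server's receipt.
client_upload() {  # $1 = data file
    smime_sign client "$1" "$WORK/upload.p7m"
    server_receive "$WORK/upload.p7m" "$WORK/receipt.p7m" || return 1
    smime_verify server "$WORK/receipt.p7m" "$WORK/receipt.out" || return 1
    [ "$(cat "$WORK/receipt.out")" = "received sha256=$(sha256_of "$1")" ]
}

make_identity client; make_identity server
printf 'order=42\namount=100\n' > "$WORK/data.txt"
client_upload "$WORK/data.txt" && echo "upload accepted, receipt verified"
```

The data crosses the wire once, inside the signed package, and the archived package plus the signed receipt give each side evidence of what the other sent.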