Re: not really pgp signing in van
2013-09-10 16:48:42You go to a Web page that has the HTML or Javascript control for generating a keypair. But the keypair is generated on the end user's computer.So I run Javascript provided by Comodo to generate the key pair. This means that my security depends on my willingness and ability to read possibly obfuscated Javascript to make sure that it only uploads the public half of the key pair.
I think we're entering the tinfoil zone here. Comodo is one of the largest CAs around, with their entire income depending on people paying them to sign web and code certs because they are seen as trustworthy.
How likely is it that they would risk their reputation and hence their entire business by screwing around with free promo S/MIME certs?
Regards, John Levine, johnl(_at_)taugh(_dot_)com, Taughannock Networks, Trumansburg NY "I dropped the toothpaste", said Tom, crestfallenly.
smime.p7s
Description: S/MIME Cryptographic Signature
| Previous by Date: | Re: Last Call: <draft-ietf-spfbis-4408bis-19.txt> (Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1) to Proposed Standard, Douglas Otis |
|---|---|
| Next by Date: | Re: Practical issues deploying DNSSEC into the home., Olafur Gudmundsson |
| Previous by Thread: | Re: not really pgp signing in van, Phillip Hallam-Baker |
| Next by Thread: | Re: not really pgp signing in van, manning bill |
| Indexes: | [Date] [Thread] [Top] [All Lists] |