timeless at gmail.com
Sun Aug 3 03:35:32 PDT 2008
On Thu, Jul 31, 2008 at 4:33 AM, Channy Yun <channy at creation.net> wrote:
> The national PKI system has own certificate issuing process to citizen with
> face-to-face meeting. And it requires to "submit ones client certificate"
> for e-government and financial transaction with "digital signature" per each
could you please provide example urls for this?
I'm not quite sure I understand why standard certificate challenges
are insufficient for this.
oddly, my own bank does something like this w/ a java applet, except
if i pretend to be a mobile client, it waves this stupid requirement.
> "submit ones client certificate" is traditional SSL authentication and
> "digital signature" is new requirement.
> In fact, ActiveX and Java plugin are needed for digital signature.
> If we can submit returned encrypted message in form via SSL, the technical
> requirement is sufficient for all national PKI system. Especially, Camellia
> (Japanese and European official cryptographic algorithm) already implemented
> in Open SSL for web browsers. Most of them is ready.
It seems NSS supports it too.
> server via SSL, web server can decrypt form data signed by client
> certificate and check validation and insured transaction by each country's
urls for these "laws" would be appreciated.
More information about the whatwg