[whatwg] Signatures

timeless timeless at gmail.com
Sun Aug 3 03:35:32 PDT 2008


On Thu, Jul 31, 2008 at 4:33 AM, Channy Yun <channy at creation.net> wrote:
> The national PKI system has own certificate issuing process to citizen with
> face-to-face meeting. And it requires to "submit ones client certificate"
> for e-government and financial transaction with "digital signature" per each
> signature.

could you please provide example urls for this?

I'm not quite sure I understand why standard certificate challenges
are insufficient for this.

oddly, my own bank does something like this w/ a java applet, except
if i pretend to be a mobile client, it waves this stupid requirement.

> "submit ones client certificate" is traditional SSL authentication and
> "digital signature" is new requirement.

> In fact, ActiveX and Java plugin are needed for digital signature.

> If we can submit returned encrypted message in form via SSL, the technical
> requirement is sufficient for all national PKI system. Especially, Camellia
> (Japanese and European official cryptographic algorithm) already implemented
> in Open SSL for web browsers. Most of them is ready.

http://boblord.livejournal.com/16968.html

It seems NSS supports it too.

> server via SSL, web server can decrypt form data signed by client
> certificate and check validation and insured transaction by each country's
> law.

urls for these "laws" would be appreciated.



More information about the whatwg mailing list