Fixing SSL (was Re: Dutch Transport Card Broken)
Bill Squier
groo at old-ones.com
Wed Feb 13 13:07:39 EST 2008
On Feb 11, 2008, at 8:28 AM, Philipp Gühring wrote:
> I had the feeling that Microsoft wants to abandon the usage of client
> certificates completely, and move the people to CardSpace instead.
> But how do you sign your emails with CardSpace? CardSpace only does the
> realtime authentication part of the market ...
We (Morgan Stanley) were able to pressure them into a rapid fix, and
they have committed to delivering it in SP1. Keep your fingers crossed.
> If anyone needs more information how to upgrade your Web-based CA
> for IE7:
> http://wiki.cacert.org/wiki/IE7VistaSource
Step (2), "On Vista you have to add this website to the list of
trusted sites in the internet-settings." can be quite unpalatable.
Depending on your customers' situations, an alternative might be more
palatable: Generate the key and deliver a PKCS#12.
This depends on whether you believe in the non-repudiation fairy or
not -- or more accurately, whether you're already assuming the
repudiation risk.
-wps
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com