[
Lists Home |
Date Index |
Thread Index
]
> -----Original Message-----
> From: Doug Ransom
> Sent: Wednesday, April 17, 2002 1:48 PM
> To: 'Peter V. Mikhalenko'
> Subject: RE: [xml-dev] XHTML adoption curve
>
>
> SSL can be used to provide authenticated transfer of the
> document, but it also involves encryption (expensive) and
> specific web server configurations. In contrast, a content
> developer could use their x.509 certificate to sign their
> HTML page during editing, so there are no specific web server
> integration issues -- the author of the document is
> seperately identified from the owner of the web site.
>
> By having signed documents in a browser, users can verify the
> author of the document without SSL. Companies with
> information, like etrade, might use this technology so people
> know the data they are looking at is real, not faked by
> someone who registered etrae.com etc. If the signing
> technology is available and big delivery firms like etrade
> can get value out of it, browser vendors are likely to
> support signature verification -- they already can deal with
> PKI anyway so the leap is not huge.
>
> X.509 certificates can be used for many PKI purposes beyond
> SSL -- I use free ones from thawte for secure email,they are
> used for code signing, etc. X.509 certs will be used for XML
> signing, so an XHTML module would be a good start.
>
>
>
> > -----Original Message-----
> > From: Peter V. Mikhalenko [mailto:xml-dev@sigent.ru]
> > Sent: Monday, April 15, 2002 5:17 PM
> > To: Doug Ransom
> > Subject: Re: [xml-dev] XHTML adoption curve
> >
> >
> > Hello, Doug!
> >
> > DR> I thought of a little carrot that might help improve the HTML
> > DR> developer affinity for XHTML: Signed XHTML. If XHTML
> pages were
> > DR> signed in a specific manner with using x.509 based
> PKI, browsers
> > DR> could inform users they can trust the content of the page.
> >
> > So what about SSL Certificates (using X.509)? Browsers DO
> > inform users they
> > can trust the content of the page. Yeah, they are working
> only in the
> > transport layer, but I think it is a good idea to certify the
> > source, not
> > the document.
> >
> >
> > __
> > Peter V. Mikhalenko
> > Lead Developer
> > Sigent Interactive Agency
> > peter@sigent.ru
> >
>
|