[
Lists Home |
Date Index |
Thread Index
]
- To: <xml-dev@lists.xml.org>
- Subject: Re: [xml-dev] XHTML adoption curve
- From: "Peter V. Mikhalenko" <xml-dev@sigent.ru>
- Date: Thu, 18 Apr 2002 01:30:13 +0400
- Fl-build: Fidolook Express 2000 UIExt. BuildID: 3BC00FAD (7/10/2001 12:17:49).
- References: <3C552E6ED5B7DC4F8BF603C030BB70BF3E2EBE@HERMES.canada.corp.powermeasurement.com>
Yeah, convinced me...
:-))
DR> SSL can be used to provide authenticated transfer of the document,
DR> but it also involves encryption (expensive) and specific web server
DR> configurations.
DR> In contrast, a content developer could use their x.509 certificate
DR> to sign their HTML page during editing, so there are no specific web
DR> server integration issues -- the author of the document is
DR> seperately identified from the owner of the web site.
DR> By having signed documents in a browser, users can verify the author
DR> of the document without SSL. Companies with information, like
DR> etrade, might use this technology so people know the data they are
DR> looking at is real, not faked by someone who registered etrae.com
DR> etc. If the signing technology is available and big delivery firms
DR> like etrade can get value out of it, browser vendors are likely to
DR> support signature verification -- they already can deal with PKI
DR> anyway so the leap is not huge.
DR> X.509 certificates can be used for many PKI purposes beyond SSL -- I
DR> use free ones from thawte for secure email,they are used for code
DR> signing, etc.
DR> X.509 certs will be used for XML signing, so an XHTML module would
DR> be a good start.
>> -----Original Message-----
>> From: Peter V. Mikhalenko [mailto:xml-dev@sigent.ru]
>> Sent: Monday, April 15, 2002 5:17 PM
>> To: Doug Ransom
>> Subject: Re: [xml-dev] XHTML adoption curve
>> Hello, Doug!
DR>>> I thought of a little carrot that might help improve the HTML
DR>>> developer affinity for XHTML: Signed XHTML. If XHTML pages were
DR>>> signed in a specific manner with using x.509 based PKI, browsers
DR>>> could inform users they can trust the content of the page.
>> So what about SSL Certificates (using X.509)? Browsers DO inform
>> users they can trust the content of the page. Yeah, they are working
>> only in the transport layer, but I think it is a good idea to certify
>> the source, not the document.
>> __
>> Peter V. Mikhalenko
>> Lead Developer
>> Sigent Interactive Agency peter@sigent.ru
__
Peter V. Mikhalenko
Lead Developer
Sigent Interactive Agency
peter@sigent.ru
|
