June 21, 2007
Web2.0 and the Digital Signature
I've been doing some network security/PKI related stuff at work lately, and something is bothering me. It's how PKI user-space tools are done, and how web applications are pretty much messing up our trust metrics.
We've spent a lot of time and money developing these desktop tools for PKI use -- Mail clients with the ability to use certificates, browsers with the ability to use certificates, cryptoprograms with the ability to use certificates. Troubling now is the advent of the webapp.
Typically web applications "trust" the web browser and more particularly the web server. For client certification, a browser sends out a certificate request, gets a response, does whatever verification and lookup that it has to (OCSP/CRL), and then passes the token off to the web application. The web application has no way of re-verifying the certificate, or even verifying it in the first place (it has to rely on the certificate string that the web server passes to it).
Companies like Gradkell make signing applications. Applications could also be done in Java, but really who wants to run these kinds of things inside their browser? Java still feels too heavy. I feel like Javascript itself needs some way to interface with key management systems, though. Hm...
Post a comment
Further back...
ArchivesFriends and Family
Search
Previous Trips...
-
Hiking Mount Whitney, 2007 
Spring Break in West Virginia, 2005
New Year's in Paris, 2003-2004
Coming to America, 2003
Protesting in Berlin, 2003
Prague Bier-Tour, 2002
Dresden, 2002
Recent Reading
![]()
Stealing the Network
I first bumped into the Stealing the Network series when reading the exploits of Joe Grand, one of the book's many hacker authors.
The 'Stealing the ...' series of books follows a rather disparate group of computer hackers as they help a former NSA spook (many of them unwittingly) gather the money he needs to retire.
The stories themselves are not fantastic fiction. The writing is uneven and choppy, the characters are stereotypical and not very well thought-out. What is fascinating about this book series is the technical accuracy of the exploits (at some points *too* accurate, with screen shots and step-by-step instructions).
It's a great series to read if you're a system administrator, or just getting into the wonderful field of computer security.
Rated 
by reid
on March 06, 2011
by reid
on March 06, 2011
![]()
Close to the Machine
Ellen Ullman is one of those authors that somehow avoided my radar. Until now...
Close to the Machine is less a book than a collection of loosely related personal anecdotes from Ellen's time as a very rare thing -- a successful female bisexual independent computer programming consultant.
In the course of her work and relationship life, she learns hard lessons about programming, running a business, being lonely, and loving the wrong people. I found it particularly poignant being a crypto-nerd with difficult times in relationships and a more-or-less NDA'd, secret work life.
This book is a must-read for anyone into running their own business, programming, or anyone dating a person that is a business-a-holic or programmer.
Rated 
by reid
on November 23, 2009
by reid
on November 23, 2009
![]()
The Long Trip Home
I had the joy of dining with the author in Florida. We went to a little Brazilian BBQ where he spoke with our waitstaff in (what I can only assume was) flawless Portugese.
Brian Wyllie spent 1969-1971 living in Brazil working for the Peace Corps. His recent book outlines his trip back to the United States via Bolivia, Peru, and the Carribean chain, by way of bus, train, and sailboat. The format comes spattered with observations from the modern day, and makes me think, "this must be what John McPhee's journal looks like."
The trip sounded like a fantastic one, but I was left wanting more detail...where did the gun (being snuck through customs in a variety of places, no doubt) come from? And how did Geneve's hair smell? Alas, we'll have to wait for another book to find the answers.
Rated by reid
on April 16, 2009
by reid
on April 16, 2009