[cap-talk] A petname toolbar for Firefox

Ka-Ping Yee cap-talk at zesty.ca
Fri Feb 18 22:11:06 EST 2005


On Fri, 18 Feb 2005, Jed at Webstart wrote:
> On Feb 18, 2005, at 8:36 AM, Ka-Ping Yee wrote:
>  >  There's one thing i
>  > don't understand, though.  Why do you store the petname keyed by
>  > the root CA's fingerprint instead of the site's fingerprint?
>  > (I see that you still use the domain name so that different
>  > domains signed by the same CA are distinct, but i don't see why
>  > the CA's certificate needs to be involved at all.)
>
> I'd be interested to know how Ka-Ping Yee figured the above out.  It wasn't
> obvious to me.  In the above case then it would seem that the Petname
> binding will still 'expire' when the CA certificate expires.  E.g. it seems
> that many of the Verisign CA certificates expire in 2028.  I guess your
> attitude is that if things last that long then you will be delighted?

I'm in the middle of implementing something similar, and i'm using
the preference registry for storing the site-identifier <-> petname
bindings.  When i went looking to see where Tyler's toolbar was saving
this data, i discovered that he had done the same thing.  It's a
natural choice -- Mozilla takes care of saving the preferences, so we
don't have to worry about writing files to disk.  You can see the
entries by going to "about:config" in Firefox and searching for "pet".

The installer file (petnametoolar.xpi) is a zip archive containing a
.jar file (also a zip archive) containing the source code.  A quick
glance at the code revealed that Tyler's toolbar is using the
fingerprint of the root CA.


-- ?!ng
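
An added illustration of the two keying choices discussed in this message; it is not code from the petname toolbar. The `Map` standing in for the preference registry, the key formats, and every fingerprint value are assumptions constructed for the example.

```javascript
// Added illustration, not the toolbar's code. A Map stands in for the
// Mozilla preference registry; the key formats below are assumptions.
const prefs = new Map();

// Keying described in the message: root CA fingerprint plus domain name.
const caKey = (conn) => `petname.ca.${conn.rootCaFp}.${conn.host}`;
// The alternative asked about: the site certificate's own fingerprint.
const siteKey = (conn) => `petname.site.${conn.siteFp}`;

function assign(keyFn, conn, petname) {
  prefs.set(keyFn(conn), petname);
}

function lookup(keyFn, conn) {
  // null means "no petname": the user sees the site as unrecognized.
  return prefs.get(keyFn(conn)) ?? null;
}

// Constructed connections; fingerprints are placeholders, not real values.
const first = { host: "bank.example", siteFp: "SITE-1", rootCaFp: "ROOT-A" };
const scenarios = {
  first,
  // Site renews its own certificate under the same root CA.
  renewed: { ...first, siteFp: "SITE-2" },
  // Same domain name, but the chain now ends at a different root CA.
  otherCa: { ...first, siteFp: "SITE-3", rootCaFp: "ROOT-B" },
  // Different domain signed under the same root CA.
  sibling: { host: "shop.example", siteFp: "SITE-4", rootCaFp: "ROOT-A" },
  // Root CA certificate itself replaced after it expires.
  caRolled: { ...first, siteFp: "SITE-5", rootCaFp: "ROOT-A2" },
};

// Assign one petname under both keyings, then see which later
// connections still resolve to it.
function compare() {
  prefs.clear();
  assign(caKey, first, "My Bank");
  assign(siteKey, first, "My Bank");
  const rows = {};
  for (const [name, conn] of Object.entries(scenarios)) {
    rows[name] = { ca: lookup(caKey, conn), site: lookup(siteKey, conn) };
  }
  return rows;
}

console.log(compare());
```
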

