Labs/Identity/VerifiedEmailProtocol: Difference between revisions

m (No edit summary)
m (→‎Certification: add directory server note to pubkey lookup)
Line 198: Line 198:
The relying party, when it sees that a certificate is present, may choose to skip the retrieval of the user's public key by instead verifying the certificate. That flow would be:
The relying party, when it sees that a certificate is present, may choose to skip the retrieval of the user's public key by instead verifying the certificate. That flow would be:


# Resolve a site-level public key for the issuer by performing host discovery on the email in the certificate (for example, by performing an RFC XX "well-known" lookup on an HTTPS server)
# Resolve a site-level public key for the issuer by performing host discovery on the email in the certificate (for example, by performing an RFC 5785 "well-known" lookup on an HTTPS server, or talking to a trusted directory server)
# Verify the signature on the certificate using the public key
# Verify the signature on the certificate using the public key
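Review bot: The alternative added to step 1, "or talking to a trusted directory server", does not say what makes the directory server trusted or how the key it returns is bound to the issuer's domain. With the well-known lookup the key comes from an HTTPS server found by host discovery on the email's domain; with a directory server, the signature check in step 2 is only as strong as that server, which effectively becomes a trust root for every issuer it answers for. Suggest stating how a relying party selects the directory, that the lookup must run over an authenticated channel, and which source takes precedence if the directory and the well-known lookup return different keys.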

