PSM/Korean Financial Transactions
Today
- Korean e-commerce and e-banking work only in Internet Explorer, because they rely on an ActiveX control.
- "Other major browsers have resisted supporting ActiveX. Until now. Google Chrome has now decided to support ActiveX, but only in South Korea." - http://technode.com/2009/01/16/activex-regulations-in-south-korea-revisited/
Open Questions & Action Items
- What is KISA's recommendation for what we should do?
- What are the current regulations? Are the current regulations still mandating SEED? (bsmith heard that these regulations were being relaxed in order to support smartphones and other novel computing devices.)
- Besides the KISA security ActiveX control, are these sites using other ActiveX controls? If so, for what purpose?
- Who develops the ActiveX control? The Korean government?
- Who distributes the ActiveX control? Do websites make it available to users? Is it pre-installed on Korean computers? Does the government offer it for download?
- What API does the ActiveX control implement?
- Can we develop an NPAPI plugin that is implemented in terms of the ActiveX control?
- What is the license for the ActiveX control? Could we bundle it with Firefox? Is the Korean government willing to open-source the ActiveX control?
- If we develop an alternative implementation of the ActiveX control's functionality, to emulate it, would we need to have that implementation certified by some government organization? If so, what is the process?
- Does the ActiveX control require the KISA government root CA certificates to be installed in the Windows certificate store?
- Is our current SEED support in PSM/NSS sufficient? Do we need to expand it? (This is easy to do.) Do we need to have it certified by KISA?
- Do we need to start trusting the KISA root CA certificates to enable this functionality? Are the KISA roots acceptable according to our root CA policy? If not, can/should we limit how we trust the cert and distribute it anyway? See also Bug:335197.
- How widely distributed is the ActiveX control? That is, how many sites rely on it?
- Of the sites that rely on this functionality, how many of them would otherwise work (partially or completely) in Firefox? That is, are these sites all so IE-centric that they would need major changes to work in Gecko?
- We need to have a user of a Korean banking site walk through the process of installing the ActiveX control and logging in/out of affected sites and making transactions in IE, so that bsmith and kaie can understand what is happening.
References
- Web Crypto API proposed by Channy Yun: http://html5.creation.net/webcrypto-api/
- open bugs 335197, 545577, 516913
- fixed bugs 478839, 453234, which added the base SEED support
Hints at ActiveX control's API
nsIXecurePluginInstance.BlockDec( xgate_addr, cipher));
nsIXecurePluginInstance.BlockEnc ( xgate_addr, path, "", "POST" );
nsIXecurePluginInstance.BlockEnc ( xgate_addr, path, escape(posting_data), "POST" );
nsIXecurePluginInstance.BlockEnc(xgate_addr, "/", "", "GET");
nsIXecurePluginInstance.BlockEnc(xgate_addr, path, escape(qs),"GET");
nsIXecurePluginInstance.BlockEnc(xgate_addr,"/",plain,"GET");
nsIXecurePluginInstance.BlockEnc(xgate_addr,PATH,, "GET");
nsIXecurePluginInstance.DeleteCertificate ( escape(dn));
nsIXecurePluginInstance.EndSession( xgate_addr );
nsIXecurePluginInstance.GenerateCertReq( 1024 );
nsIXecurePluginInstance.InstallCertificate(cert_type, cert );
nsIXecurePluginInstance.LastErrCode();
nsIXecurePluginInstance.LastErrMsg());
nsIXecurePluginInstance.LastErrMsg();
nsIXecurePluginInstance.PutBigBannerUrl( xgate_addr, bannerUrl);
nsIXecurePluginInstance.RenewCertificate2( ca_port, ca_ip, ca_type + 256 , pwd_fail );
nsIXecurePluginInstance.RenewCertificate2( crosscert_ca_port, crosscert_ca_ip, crosscert_ca_type + 256 , pwd_fail );
nsIXecurePluginInstance.RenewCertificate2( koscom_ca_port, koscom_ca_ip, koscom_ca_type + 256 , pwd_fail );
nsIXecurePluginInstance.RequestCertificate2 ( crosscert_ca_port, crosscert_ca_ip, ref_code, auth_code, crosscert_ca_type + 256 );
nsIXecurePluginInstance.RequestCertificate2 ( koscom_ca_port, koscom_ca_ip, ref_code, auth_code, koscom_ca_type + 256 );
nsIXecurePluginInstance.RequestCertificateEx2 ( ca_port, ca_ip, ref_code, auth_code,1 + 256 ,0,"","",1);
nsIXecurePluginInstance.ShowCertManager();
nsIXecurePluginInstance.SignData (xgate_addr,escape(accept_cert),escape(plain),show_plain,escape(sign_desc) );
nsIXecurePluginInstance.SignData (xgate_addr,escape(yes_accept_cert),escape(plain),show_plain,escape(sign_desc) );
nsIXecurePluginInstance.SignData (xgate_addr,escape(yes_accept_cert_bill),escape(plain),show_plain,escape(sign_desc) );
nsIXecurePluginInstance.SignData (xgate_addr,escape(yes_accept_cert_sERP),escape(plain),show_plain,escape(sign_desc) );
nsIXecurePluginInstance.SignData2 (xgate_addr,escape(accept_cert),escape(plain),option,escape(sign_desc),pwd_fail);