Hacker News
by blibble 4995 days ago
so by doing that you're still trusting the server not to send you evil JavaScript that surreptitiously posts off your private key.

it's exactly equivalent from a security perspective, unless you read every line of JavaScript, in which case you might as well read the openssl manual instead and generate the CSR yourself.

(note that there's a rarely used <input> keygen type, but to sign the CSR you'd need programmatic access to the private key, again defeating any security properties).
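
The local alternative mentioned in the comment above, as an added example that is not part of the original comment: generate the key pair and CSR with the `openssl` CLI, then check that the file about to be submitted carries only the public half. The function names, the `example.test` subject and the 2048-bit RSA choice are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: the private key is created and used locally; only the CSR
# is ever handed to the CA. All names and values here are illustrative.

# make_csr DIR CN: write DIR/key.pem (private) and DIR/req.csr (to submit).
make_csr() (
    dir=$1; cn=$2
    umask 077    # key file readable by its owner only (subshell-scoped)
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/key.pem" 2>/dev/null || exit 1
    # The CSR is signed with the private key here, on this machine.
    openssl req -new -key "$dir/key.pem" -subj "/CN=$cn" \
        -out "$dir/req.csr" || exit 1
)

# csr_is_safe_to_send CSR KEY: succeed only if the CSR is well formed,
# contains no private key block, and matches the locally held key.
csr_is_safe_to_send() {
    csr=$1; key=$2
    # 1. The self-signature must verify (proof of possession of the key).
    #    Match on the message text: older openssl exits 0 even on failure.
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q 'verify OK' || return 1
    # 2. The file must not carry any private key PEM block.
    if grep -q 'PRIVATE KEY' "$csr"; then return 1; fi
    # 3. The public key inside the CSR must equal the local key's public half.
    csr_pub=$(openssl req -in "$csr" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout) || return 1
    [ "$csr_pub" = "$key_pub" ]
}

# Demo run in a throwaway directory (constructed sample subject).
demo_dir=$(mktemp -d)
if make_csr "$demo_dir" "example.test" &&
   csr_is_safe_to_send "$demo_dir/req.csr" "$demo_dir/key.pem"; then
    echo "submit $demo_dir/req.csr; key.pem never leaves this machine"
fi
```
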