World: r3wp

code signing certificates

if you post it, it won't install under IE now?

Otherwise, we'll go back to Thawte.

no, it won't install without a valid certificate.

(The vender certification process can take a lot of time... they 
have to verify that we are "good guys".)

So, we're probably locked into Thawte.

Otherwise it can take a week.

has it been tested under IE7 as well?

No, I don't have it installed...if someone does, please tell me how 
it goes.

graham, how do i register for an account with your chat program?

at the login page, there's a register button.

I guess Eliza wasn't too helpful?

no ha ha that was funny

We're trying to get the mozilla stuff posted. That's not packaged 
for installation yet (that's 5% of the missing 10%).

But you can copy the files to FireFox\plugins, so it's not that hard.

OK, so I want to get a discussion started. What do you guys want 
to see in the next version of the plugin?

well, I'm not sure what the level of ambition is for the next version?

1.3.2 is going out as-is, just an upgrade to the latest rebol viewdll.

but at some point it'll be essential to run encapsulated scripts 
and use secure connections

1.3.3 is a feature upgrade, so i'm open to ideas...as long as it 
doesn't rely on something in rebol 3, we can look at it.

is it in any way tied in with the SDK? is it possible to do /pro 
or /command stuff?

Not sure on that, I need to check with Carl....I think I understand 
your overall question though, can we make a version of the plugin 
that supports pro/command right?

I need the plugin for an application that could potentially be used 
for a few thousand users in an open enterprise environment, but signed 
scripts and security are essential there.

got it. we'd have to look at some sort of licensing.

maybe have rebol in the plugin download a license from a web server 
or something like that.

we'd have to figure out a way to prevent others from using your license.

A way to protect plugin source code

A way to add higher order encryption

is a must...

in short, we have to make sure that the right users are running the 
script and only those users have access to data (customers, accounting, 
etc.)

encrypting the source?

I want my medical client to run in the browser as well.

Encrypting the source code? encrypting network traffic? both?

so need ssl if possible.

both.

if my plugin needs to pull my gmail email .. I need ssl.

got it.

SSL is not necessary if you're using REBOL on both sides.

But, if you need to access non-REBOL, I can see the need.

the x-internet is encrypted now.

I had this (wild?) idea that the plugin would be able to run normal 
rebol scripts, but with signed scripts encapped with the SDK would 
turn the same plugin into /Pro or /Command. I'm just brainstorming, 
but that would be a nice way to keep everything within one plugin. 
I don't know...

That's what we called /Platform.

Carl, can we do that?

But, there is always an issue about how you obtain the first keys.

Carl, one thing I thought about is how do you convince a user that 
the security in the plugin going through the webbrowser is trustworthy 
when the SSL icon in the browser window is not on? they might think 
that nasty stuff could be going on in the background. I think there 
needs to be some kind of indication that the script currently running 
is really secure.

we can add some kind of indicator, that shouldn't be a problem.

one issue is size. do we distribute /pro/view to everyone, and make 
everyone download a bigger file? or do we have two different plugin, 
two different sizes?

Anyway, there should be some way to get the above working. We already 
do most of this in IOS.

It may require a certificated authentication server that stores the 
license keys.

Because, unlike IOS, we cannot rebuild the executable binary each 
time.