task to investigate whether the newly improved <keygen> can do all we want it to do, including key archival for both RSA and ECC keys, and then later DSA keys as well.
On 04/01/2013 03:19 PM, Robert Relyea wrote:
On 04/01/2013 02:46 PM, Brian Smith wrote: See https://bugzilla.mozilla.org/show_bug.cgi?id=524664 (bug 524664) and See https://developer.mozilla.org/en-US/docs/JavaScript_crypto/generateCRMFRequest My understanding is that <keygen> is supposed to replace window.crypto.generateCRMFRequest. So keygen was first, window.crypto.generateCRMFRequest() was made to fix some issues (and get some features like key-recovery). The new effort in <keygen> I think was meant to address those issues. I have no idea how common window.crypto.generateCRMFRequest is. Is it obsolete? Should it be removed? Does anybody have a link to a site that is using it for its intended purpose? If it is obsolete, I would like to remove it ASAP. I'm pretty sure it's still used by produces like this one: http://pki.fedoraproject.org/wiki/PKI_Main_Page I don't think you can remove it for a while. Server deployments lag client features by quite a few years. Servers don't implement new features supplied in clients until they are release. This type of feature isn't quite like a normal html feature, where you can update a .hmtl file or a content manager macro. These tags are usually tied more closely to the servers that use them. More generally, I would like to remove all the Mozilla-proprietary methods and properties from window.crypto; i.e. all the ones athttps://developer.mozilla.org/en-US/docs/JavaScript_crypto. Some of them are actually pretty problematic. Are there any worth keeping? I'd say you probably can't do that wholesale, but you probably can review and cull this list, particularly if there are good replacements. Thanks, Brian
On 04/01/2013 02:46 PM, Brian Smith wrote:
See https://bugzilla.mozilla.org/show_bug.cgi?id=524664 (bug 524664) and See https://developer.mozilla.org/en-US/docs/JavaScript_crypto/generateCRMFRequest My understanding is that <keygen> is supposed to replace window.crypto.generateCRMFRequest. So keygen was first, window.crypto.generateCRMFRequest() was made to fix some issues (and get some features like key-recovery). The new effort in <keygen> I think was meant to address those issues. I have no idea how common window.crypto.generateCRMFRequest is. Is it obsolete? Should it be removed? Does anybody have a link to a site that is using it for its intended purpose? If it is obsolete, I would like to remove it ASAP. I'm pretty sure it's still used by produces like this one: http://pki.fedoraproject.org/wiki/PKI_Main_Page
See https://bugzilla.mozilla.org/show_bug.cgi?id=524664 (bug 524664) and See https://developer.mozilla.org/en-US/docs/JavaScript_crypto/generateCRMFRequest
My understanding is that <keygen> is supposed to replace window.crypto.generateCRMFRequest. So keygen was first, window.crypto.generateCRMFRequest() was made to fix some issues (and get some features like key-recovery). The new effort in <keygen> I think was meant to address those issues.
I have no idea how common window.crypto.generateCRMFRequest is. Is it obsolete? Should it be removed? Does anybody have a link to a site that is using it for its intended purpose?
If it is obsolete, I would like to remove it ASAP. I'm pretty sure it's still used by produces like this one: http://pki.fedoraproject.org/wiki/PKI_Main_Page
I don't think you can remove it for a while. Server deployments lag client features by quite a few years. Servers don't implement new features supplied in clients until they are release. This type of feature isn't quite like a normal html feature, where you can update a .hmtl file or a content manager macro. These tags are usually tied more closely to the servers that use them.
More generally, I would like to remove all the Mozilla-proprietary methods and properties from window.crypto; i.e. all the ones athttps://developer.mozilla.org/en-US/docs/JavaScript_crypto. Some of them are actually pretty problematic. Are there any worth keeping?
I'd say you probably can't do that wholesale, but you probably can review and cull this list, particularly if there are good replacements.
Thanks, Brian
The <keygen> tag does not support archival. There is no suitable replacement for generateCRMFRequest at this time. At this point, I don't believe Mozilla can/will remove this, so there's nothing to do on our side. If that decision changes, we will have to revisit this.
Replying to [comment:4 nkinder]:
At this point, I don't believe Mozilla can/will remove this, so there's nothing to do on our side. If that decision changes, we will have to revisit this.
Mozilla removed it in Firefox 33.
https://bugzilla.mozilla.org/show_bug.cgi?id=1030963 https://wiki.mozilla.org/SecurityEngineering/Removing_Proprietary_window.crypto_Functions
Metadata Update from @cfu: - Issue set to the milestone: 10.2 - 04/14 (April)
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1147
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.