#577 Investigation for replacing crypto.generateCRMFRequest() with new <keygen> tag
Closed: Invalid None Opened 10 years ago by cfu.

task to investigate whether the newly improved <keygen> can do all we want it to do, including key archival for both RSA and ECC keys, and then later DSA keys as well.

On 04/01/2013 03:19 PM, Robert Relyea wrote:

On 04/01/2013 02:46 PM, Brian Smith wrote:

See https://bugzilla.mozilla.org/show_bug.cgi?id=524664 (bug 524664) and
See https://developer.mozilla.org/en-US/docs/JavaScript_crypto/generateCRMFRequest

My understanding is that <keygen> is supposed to replace window.crypto.generateCRMFRequest.
So keygen was first, window.crypto.generateCRMFRequest() was made to fix some issues (and get some features like key-recovery). The new effort in <keygen> I think was meant to address those issues.

I have no idea how common window.crypto.generateCRMFRequest is. Is it obsolete? Should it be removed? Does anybody have a link to a site that is using it for its intended purpose?

If it is obsolete, I would like to remove it ASAP.
I'm pretty sure it's still used by produces like this one: http://pki.fedoraproject.org/wiki/PKI_Main_Page

I don't think you can remove it for a while. Server deployments lag client features by quite a few years. Servers don't implement new features supplied in clients until they are release. This type of feature isn't quite like a normal html feature, where you can update a .hmtl file or a content manager macro. These tags are usually tied more closely to the servers that use them.

More generally, I would like to remove all the Mozilla-proprietary methods and properties from window.crypto; i.e. all the ones athttps://developer.mozilla.org/en-US/docs/JavaScript_crypto. Some of them are actually pretty problematic. Are there any worth keeping?

I'd say you probably can't do that wholesale, but you probably can review and cull this list, particularly if there are good replacements.

Thanks,
Brian


The <keygen> tag does not support archival. There is no suitable replacement for generateCRMFRequest at this time. At this point, I don't believe Mozilla can/will remove this, so there's nothing to do on our side. If that decision changes, we will have to revisit this.

Replying to [comment:4 nkinder]:

At this point, I don't believe Mozilla can/will remove this, so there's nothing to do on our side. If that decision changes, we will have to revisit this.

Mozilla removed it in Firefox 33.

https://bugzilla.mozilla.org/show_bug.cgi?id=1030963
https://wiki.mozilla.org/SecurityEngineering/Removing_Proprietary_window.crypto_Functions

Metadata Update from @cfu:
- Issue set to the milestone: 10.2 - 04/14 (April)

7 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/1147

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Login to comment on this ticket.

Metadata