Kaspar Brand wrote: > Michael Ströder wrote: >> I'd love to have an option to forbid CRMFRequest calls... > > Not too difficult to achieve, actually. Just add this line to your > prefs.js: > > user_pref("capability.policy.default.Crypto.generateCRMFRequest", "noAccess"); > >> I personally don't know whether the current Mozilla implementation of >> crypto.generateCRMFRequest includes the private key of an encryption >> cert. > > Only if you tell it do so, and only if it's a key-exchange-only key. [1] > Additionally, an "Encryption Key Copy" warning dialog will be presented > when key escrow is attempted - try the attached demo. [2]
Good to know all that. >> But there is some Javascript and the HTML looks like >> this: >> >> <select name="spkac" challenge="tURRaHXxYBDwCk58"><option>2048 (High >> Grade)</option><option>1024 (Medium Grade)</option></select> > > What browser were you using in this case, and for what certificate > were you applying? Seamonkey 1.1.14 > I still see <keygen> elements when enrolling > for a new Thawte Freemail certificate with Firefox or Seamonkey I used "View Selection Source" from the context menu. > (note that when saving an HTML page with the "Web Page, complete" > option, the keygen tag is converted into a <select> element, > so maybe that explains the effect you're seeing). Uuurgs! Yes, that would be an explanation. Ciao, Michael. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto