Kaspar Brand wrote:
> Michael Ströder wrote:
>> I'd love to have an option to forbid CRMFRequest calls...
>
> Not too difficult to achieve, actually. Just add this line to your
> prefs.js:
>
> user_pref("capability.policy.default.Crypto.generateCRMFRequest", "noAccess");
>
>> I personally don't know whether the current Mozilla implementation of
>> crypto.generateCRMFRequest includes the private key of an encryption
>> cert.
>
> Only if you tell it do so, and only if it's a key-exchange-only key. [1]
> Additionally, an "Encryption Key Copy" warning dialog will be presented
> when key escrow is attempted - try the attached demo. [2]
Good to know all that.
>> But there is some Javascript and the HTML looks like
>> this:
>>
>> <select name="spkac" challenge="tURRaHXxYBDwCk58"><option>2048 (High
>> Grade)</option><option>1024 (Medium Grade)</option></select>
>
> What browser were you using in this case, and for what certificate
> were you applying?
Seamonkey 1.1.14
> I still see <keygen> elements when enrolling
> for a new Thawte Freemail certificate with Firefox or Seamonkey
I used "View Selection Source" from the context menu.
> (note that when saving an HTML page with the "Web Page, complete"
> option, the keygen tag is converted into a <select> element,
> so maybe that explains the effect you're seeing).
Uuurgs! Yes, that would be an explanation.
Ciao, Michael.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
