I wouldn't spend much work on <keygen> and crypto.generateCRMFRequest because they don't match today's needs anyway. You cannot even as an issuer control PIN code settings (policy) unless you have a pre-configured crypto container, i.e. these mechanisms are tools for toy PKIs.
Serious PKIs use smart cards and physical card/key/certificate distribution because the on-line alternatives are more or less useless in addition to being completely non-standard. The coming HTML5 standards work does not even *try* to address this mess. I think they did the right thing; PKI standards in browsers reached an "all-time-high" already 10 years ago. PKIX are not aware of the problem because PKIX don't do browsers, they do ASN.1.

Anders

----- Original Message -----
From: "Michael Ströder" <mich...@stroeder.com>
Newsgroups: mozilla.dev.tech.crypto
To: <dev-tech-crypto@lists.mozilla.org>
Sent: Sunday, December 28, 2008 13:38
Subject: Re: Security-Critical Information (i.e. Private Key) transmitted by Firefox to CA (i.e. Thawte) during X.509 key/cert generation

Nelson B Bolyard wrote:
> I also think we need a page or two on developer.mozilla.org that fully
> documents both the <keygen> tag and the crypto.generateCRMFRequest method.

+1

> The existing documentation is very incomplete. The <keygen> tag, for
> example, accepts many more arguments than are now publicly documented.

Which arguments are that?

Ciao, Michael.

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto