Mr nospam,
nospam wrote:
Are mozilla and openssl commercial products? If so, I've had a
misconception. If apache uses openssl (and it does), and suddenly
openssl is gone, it harms apache...which harms mozilla.
Sorry, but I don't see how harm to Apache harms Mozilla. They don't
share code. They interoperate - but commercial products do that too.
Mozilla also interoperates with commercial server products, and Apache
also interoperates with commercial client products.
The features I mentioned above are all implemented in moz browser
products,
accessible via html, javascript, and the GUI. (At least in Mozilla 1.x,
and probably in FireFox too.) They are also available in command line
utilities. Start looking here:
http://www.google.com/search?num=100&q=keygen-tag
Sorry, I did not know what to search for, as mozilla itself does not
present any clues that this was even a possibility. I have no magic to
pop "generateCRMFRequest" into my brain to search for. That's why I ask.
If I must learn javascript or build programs that for example use
"crypto.generateCRMFRequest()", then it is probably better to use
openssl. I'm certainly not going to refer someone I'm trying to help to
a programmer's man page, that'd be a total failure. I'm looking for
tools to do the job, not API's to write something with.
You seem to misunderstand the audience. It's the job of the CA to take
advantage of the APIs and leverage the features of the browser to
trigger the keygen. This can be done transparently in pages served by
the CA's web server that include Javascript code. This is far simpler
than asking anyone to run any tool !
I believe that most browsers are able. IINM, Safari offers the same
<keygen> tag as do Mozilla and Netscape. The methods by which a web page
requests the generation of cert signing requests varies from one to
another,
but the ability is there in most, if not all.
At this point it looks like it is easier to use openssl. I need one
simple way to do this that I can send to other people who know nothing
about programming or public/private key structure. I can't ask anyone to
create scripts or edit javascript.
openssl certainly doesn't come standard on most operating systems, so
relying on it is a big barrier to entry. It's additional work for
someone to locate, download, install and manually run it . I think
you'll agree that taking advantage of a tag in a browser that the user
is already running is far easier.
_______________________________________________
mozilla-crypto mailing list
[email protected]
http://mail.mozilla.org/listinfo/mozilla-crypto
