Took a look at this. Seems pretty good, so ACK, with a concern or two.
I think we might want to consider seeing if we can somehow short circuit the display to something that won't let them send to the server, when we know we don't even have the keygen tag available. So if tested to work with Firefox and Chrome, etc, ACK once again. ----- Original Message ----- From: "Matthew Harmsen" <[email protected]> To: "pki-devel" <[email protected]> Cc: "Jack Magne" <[email protected]> Sent: Thursday, May 12, 2016 3:45:11 PM Subject: [PATCH] Added Chrome keygen warning While testing chrome, we discovered that (a) keygen would soon not be supported: * https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/pX5NbX0Xack (b) although keygen is still supported, it has been disabled by default with a workaround provided to re-enable it: * https://support.quovadisglobal.com/kb/a470/deprecation-of-keygen-tag-in-chrome-chromium-browsers.aspx Please review the attached patch which supplies a warning message and instructions on how to re-enable keygen on Chrome browsers that support this: * PKI TRAC #2323 - Firefox Warning appears in EE page launched from within Chrome <https://fedorahosted.org/pki/ticket/2323> Additionally, an attempt was made to identify the case when KeyGen would not be available on Firefox and Chrome. -- Matt _______________________________________________ Pki-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/pki-devel
