On Jul 24, 5:09 pm, Nelson B Bolyard <[EMAIL PROTECTED]> wrote: > joshuaaa wrote, On 2008-07-24 06:56: > > > This is part of a project to increase security here at work. To be > > honest, I'm not completely sure of all the details. I've just been > > asked to add/remove user certificates while the browser is running. > > User certificates? Certificates for which the user has the private key? > or CA certificates? Big difference there, because user certificates also > necessitate dealing with private keys. >
Yep, user certificates. > Doing it while the browser is running means doing it inside the browser, > using the NSS in the browser, not a separate process with a separate copy. > > >> Are you just trying to put a new root cert in a browser? > >> That can be done using features already built into the browser without > >> any Java or JavaScript. > > > I do need to import a root cert, but I need to do it programatically. > > What does that mean? (Everything done on a computer is done > programmatically.) Does it mean "without the user's control and consent"? > No, definitely not without user consent. More like an .jar file that we distribute and have the users run to ensure that everything goes as smoothly as possible. > Changing the browser so that it will alter the things on which the user's > security depends, without the user's control, is a bad guy's dream come > true, of course. So, if the motives are really "to increase security > here at work", and not merely "to make IT's job easier at work", one needs > to consider the potential unintended consequences of the changes being > proposed (which are still not entirely clear). > A bad guy's dream came true a long time ago, I think they called it IE. I have no desire, nor the know-how, to compromise security in firefox. Though, I do understand your concern. > I suggest you look > athttp://developer.mozilla.org/en/docs/NSS_Certificate_Download_Specifi... > for ideas on importing certs. Thanks for the link Nelson, but i've been through those docs. My main concern at this point is how to remove a user certificate while the browser is running. I have not come across anything useful for that. I wonder if the JSS guru (I believe it was glen) has any ideas on how I can accomplish this. Thanks! _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
