Michael Ströder wrote: >Anders Rundgren wrote: >> I wouldn't spend much work on <keygen> and crypto.generateCRMFRequest > because they don't match today's needs anyway.
>Anders, does the word <keygen> trigger an automatic response in your >news bot? ;-} Well, some 1000h into its successor have left some traces :-) :-) >Your comment is not relevant in this context. Off course the *existing* >implementation of <keygen> and crypto.generateCRMFRequest should be >fully *documented* as Nelson suggested. Maybe, maybe not. I assume that private key transfer is only allowed (if possible at all) for encryption keys. It seems to me that this is a rather useless function since most organizations are more concerned about sent data than received ditto. I.e. key escrow doesn't work very well for organizations which is why Outlook has an entirely different approach to message escrow which actually works (clear-text message logging in parallell to encrypted messaging). If the fear is rather that the CA could impersonate a user, it can do that without notifying the user with warning dialogs. If the goal is rather providing encryption key backup for consumers, I guess we are back to the question if S/MIME encryption is for real or not. Based on actual usage by consumers this issue is already settled. That is, if private key transfer actually is enabled the correct solution [IMO] is not to dicument it, but to disable it. Anders > ----- Original Message ----- > From: "Michael Ströder" <mich...@stroeder.com> > Newsgroups: mozilla.dev.tech.crypto > To: <dev-tech-crypto@lists.mozilla.org> > Sent: Sunday, December 28, 2008 13:38 > Subject: Re: Security-Critical Information (i.e. Private Key) transmittedby > Firefox to CA (i.e. > Thawte) during X.509 key/cert generation > > > Nelson B Bolyard wrote: >> I also think we need a page or two on developer.mozilla.org that fully >> documents both the <keygen> tag and the crypto.generateCRMFRequest method. > > +1 > >> The existing documentation is very incomplete. The <keygen> tag, for >> example, accepts many more arguments than are now publicly documented. > > Which arguments are that? > > Ciao, Michael. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
