On 04/07/2009 06:37 AM, Ian Hickson:
Among glaring omissions I would include:
- No support for PINs and associated policies
- No support for TPMs
- No support for key management
I haven't added any new features to<keygen> at this time. I want to start
by making sure the spec as written matches reality.
The spec says: "The |keygen
<http://www.whatwg.org/specs/web-apps/current-work/#the-keygen-element>|
element represents
<http://www.whatwg.org/specs/web-apps/current-work/#represents> a key
pair generator control. When the control's form is submitted, the
private key is stored in the local keystore, and the public key is
packaged and sent to the server."
However the store can be any of the choice of the user, including smart
cards. Not sure if this is covered under local keystore or if keystore
was a reference to the software device only.
Adding parameters which adds additional control such a policies and
forcing of smart cards (storage device) would be extremely helpful, once
you get to add some features.
--
Regards
Signer: Eddy Nigg, StartCom Ltd.
Jabber: start...@startcom.org
Blog: https://blog.startcom.org
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
