Anders Rundgren wrote:
> "Nelson B Bolyard" wrote [to the WHATWG list]:
>
> <snip>
>
>> I think that the KEYGEN tag's attributes could be extended to accept all
>> the arguments that can be passed to crypto.generateCRMFRequest, quite easily.
>
> Yes, but the crypto.* functions could be extended to do things you would never
> be able to do in a page mark-up language like capability discovery.

I don't see any reason why the browser should not be capable of presenting <keygen> as a list for choosing one of the available PKCS#11- or CAPI-based key stores and the wanted key length.

>> Which is more likely to be adopted as a cross browser standard?
>> A new html tag? or a new JavaScript object/method?
>
> Probably none of these alternatives. All other efforts in this space
> (KEYPROV, KMIP, SKSML, XKMS, KeyGen2, etc.) build on a protocol concept

For security reasons I'd strongly prefer something which is rather hard-coded in the browser and not a protocol between the enrollment web app and the browser's key store.

> If Mozilla would like to contribute to progress, I think you should start in
> another end, and see how protocols could be invoked in FireFox in a
> generic fashion.

It always rings some bells regarding generic protocols. The more flexible they are, the harder it is for implementors to get them securely implemented. One of the real caveats of PKIX is the complexity.

Ciao, Michael.

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto