Jean-Marc Desperrier wrote:
Robert Relyea wrote:
The crypto object offers a logout method that does it.
>
http://mxr.mozilla.org/security/source/security/manager/ssl/src/nsCrypto.cpp#2875
>
This will get Anders what he needs right now. (side effect, everything
is logged out).
This also means that crypto.logout() is really useful, and until now
about nobody used it, because nobody just knew about it.
Being able to get a client certificate prompt again without restarting
the browser is really useful, even with the side effect.
I modified MDC to document what it does exactly.
https://developer.mozilla.org/en/JavaScript_crypto#Miscellaneous
If I'm saying anything wrong, or if my wording can be improved, don't
hesitate. I tested the behavior described so I believe it's correct.
What can I say except thank you very much guys!
My initial testing indicates that there indeed is a logout and it
does similar things to MSIE's counterpart and maybe even better because
MSIE makes Tomcat a bit displeased since MSIE seems to drop the
TCP connection as well.
Unfortunately this also demonstrates what I have been pestering
this and other lists with for years; namely the limited attention
the "web PKI client" has got by standards organizations.
Which is also the reason why I want to use Firefox as the foundation
for a set of new "de-facto-standards" with on-line provisioning as
the #1 target.
I just had a chat with a large government agency that wanted to let
foreigners all over the world login to the agency's cloud service.
For authentication they will use a PKI and a relatively
light-weight enrollment methods which of course is entirely incompatible
with physical distribution of smart cards! That there is no market or
need for a "Cloud" Token is for sure entirely wrong, it probably rather
the opposite, "Cloud" Tokens can serve the bulk of the Internet auth
scenarios because it should work equally well in an intranet for 10 people
as it would for Facebook's 400M+ users.
anders
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
