On Mar 30, 12:23 pm, Jean-Marc Desperrier <jmd...@gmail.com> wrote: > The most adequate group for this discussion would be mozilla.dev.tech.crypto > > I agree than enhancing generateCRMFRequest to let it generate a more > usual format instead of only CRMF would be a big step forward. > > And making more obvious that keygen is not a good long term solution is > a very good thing.
Sigh. If I received an Euro for every time I heard people talk about how keygen should be deprecated in favor of non-existing, non-planned, non-agreed-upon Crypto-APIs I'd become rich a long time ago. Memories of that HTML5-WG discussion are still popping up: http://www.ietf.org/mail-archive/web/keyprov/current/msg00806.html Sadly, if you want to do browser-signing nowadays you have about as much as keygen (and generateCRMFRequest, which is actually nice, but the format it deals with, aren't and it does not support some DNs which keygen will accept*). So, no, keygen is not a good long term solution, but it is a solution and currently quite the only one for non-IE browsers ;-) /Thomas * We have DNs of the form /C=cc/O=org/CN=John Doe/ unstructuredname=...@org.edu which keygen, CertEnroll.dll and XEnroll.dll accept, but generateCRMFRequest does not. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
