On 06/27/2014 12:13 AM, Frederik Braun wrote:
> To be frank, I have only ever seen the non-standard crypto functions
> used in attacks, rather than in purposeful use.

That doesn't mean that they aren't being purposefully used.  The current
crypto functions are used pretty heavily by Dogtag Certificate System
[1], and this has been the case for many years.

I believe that one of the big things lacking in WebCrypto is a suitable
replacement for generateCRMFRequest(), which allows for key escrow.  I'm
not certain if an addon will be able to replace this functionality.

-NGK

[1] http://dogtagpki.org/wiki/PKI_Main_Page

> 
> +1 to unimplement.
> 
> On 26.06.2014 22:40, David Keeler wrote:
>> [dev.platform cc'd for visibility - please follow-up to dev.tech.crypto]
>>
>> Summary:
>> We intend to remove the proprietary window.crypto functions and
>> properties. See
>> https://developer.mozilla.org/en-US/docs/JavaScript_crypto for what will
>> be affected by this change.
>> Our reasoning is as follows: These functions have never been (and never
>> will be) standardized. The implementation has near-nonexistent test
>> coverage. What few tests exist were written as a result of finding
>> easily-encountered bugs years after the original implementation
>> landed[0][1][2]. As it is exposed to web content, it represents a
>> considerable attack surface. It is not well-maintained. It is
>> incompatible with our process-separation and sandboxing efforts. It is
>> not supported or enabled on Firefox OS.
>> Meanwhile, we are making progress on implementing the webcrypto
>> specification[3]. When complete, webcrypto should provide compatible
>> functionality for what these functions are currently being used to do.
>> Any functionality not implementable using webcrypto is available to
>> addons (see the interfaces in security/manager/ssl/public).
>>
>> Note: this does not include window.crypto.subtle or
>> window.crypto.getRandomValues, which are part of webcrypto and do not
>> need to be removed.
>>
>> Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1030963
>>
>> Spec: n/a
>>
>> Platform coverage: desktop, android
>>
>> Target release: 33
>>
>> Pref: n/a
>>
>> [0] https://bugzilla.mozilla.org/show_bug.cgi?id=849553
>> [1] https://bugzilla.mozilla.org/show_bug.cgi?id=934716
>> [2] https://bugzilla.mozilla.org/show_bug.cgi?id=935618
>> [3] https://bugzilla.mozilla.org/show_bug.cgi?id=865789
>>
> 
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
